Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 66f4feae6687 · 2026-03-30T13:45:02.000Z
GHSA-25gx-x37c-7pph GHSA-hwpq-rrpf-pgcq GHSA-vjp8-wprm-2jw9
diff --git a/advisories/github-reviewed/2026/03/GHSA-25gx-x37c-7pph/GHSA-25gx-x37c-7pph.json b/advisories/github-reviewed/2026/03/GHSA-25gx-x37c-7pph/GHSA-25gx-x37c-7pph.json
@@ -1,15 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-25gx-x37c-7pph",
-  "modified": "2026-03-03T19:17:48Z",
+  "modified": "2026-03-30T13:43:24Z",
   "published": "2026-03-03T19:17:48Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-32064"
+  ],
   "summary": "OpenClaw's andbox browser noVNC observer lacked VNC authentication",
   "details": "The sandbox browser entrypoint launched `x11vnc` without authentication (`-nopw`) for noVNC observer sessions.\n\nOpenClaw-managed runtime flow publishes the noVNC port to host loopback only (`127.0.0.1`), so default exposure is local to the host unless operators explicitly expose the port more broadly (or run the image standalone with broad port publishing).\n\n## Affected Packages / Versions\n\n- Package: `docker/openclaw`\n- Affected: `<= 2026.2.19-2`\n- Patched: `>= 2026.2.21`\n\n## Technical details\n\n- `scripts/sandbox-browser-entrypoint.sh` used `x11vnc ... -nopw` for noVNC observer flow.\n- `websockify` exposed noVNC for the container listener.\n- OpenClaw runtime (`src/agents/sandbox/browser.ts`) already mapped host publish to loopback, but observer auth was missing.\n\n## Fix\n\n- Require VNC password auth in the sandbox browser entrypoint (`x11vnc -rfbauth`), replacing `-nopw`.\n- Generate per-container noVNC password in runtime and inject `OPENCLAW_BROWSER_NOVNC_PASSWORD`.\n- Emit short-lived noVNC observer token URLs instead of sharing raw noVNC passwords in shared URLs.\n- Keep loopback-only host port publish and bump sandbox browser security hash epoch.\n- Add security audit findings for sandbox browser containers that publish ports on non-loopback interfaces.\n\nOperational note: rebuild the sandbox browser image and recreate browser containers so existing containers pick up the fix.\n\n## Fix Commit(s)\n\n- `621d8e1312482f122f18c43c72c67211b141da01`\n- `8c1518f0f3e0533593cd2dec3a46c9b746753661`\n\n## Release Process Note\n\nPatched version is pre-set to the planned next release (`2026.2.21`). After npm release, this advisory can be published without further field edits.\n\nOpenClaw thanks @TerminalsandCoffee for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -38,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32064"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/621d8e1312482f122f18c43c72c67211b141da01"
@@ -49,14 +59,18 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-missing-vnc-authentication-in-sandbox-browser-novnc-observer"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-287",
       "CWE-862"
     ],
-    "severity": "MODERATE",
+    "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-03T19:17:48Z",
     "nvd_published_at": null
diff --git a/advisories/github-reviewed/2026/03/GHSA-hwpq-rrpf-pgcq/GHSA-hwpq-rrpf-pgcq.json b/advisories/github-reviewed/2026/03/GHSA-hwpq-rrpf-pgcq/GHSA-hwpq-rrpf-pgcq.json
@@ -1,15 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hwpq-rrpf-pgcq",
-  "modified": "2026-03-02T23:33:08Z",
+  "modified": "2026-03-30T13:44:16Z",
   "published": "2026-03-02T23:33:08Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-32065"
+  ],
   "summary": "OpenClaw: system.run approval identity mismatch could execute a different binary than displayed",
   "details": "### Summary\n`system.run` approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execution still used raw argv. A crafted trailing-space executable token could therefore execute a different binary than what the approver saw.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.24`\n- Patched versions: `>= 2026.2.25`\n\n### Impact\nThis is an approval-integrity bypass that can lead to unexpected command execution under the OpenClaw runtime user when an attacker can influence `command` argv and reuse/obtain a matching approval context.\n\n### Trust Model Note\nOpenClaw does not treat adversarial multi-user sharing of one gateway host/config as a supported security boundary. This finding is still valid in supported deployments because it breaks the operator approval boundary itself (approved display command vs executed argv).\n\n### Fix Commit(s)\n- `03e689fc89bbecbcd02876a95957ef1ad9caa176`\n\n### Release Process Note\n`patched_versions` is pre-set to the release (`2026.2.25`). Advisory published with npm release `2026.2.25`.\n\nOpenClaw thanks @tdjackey for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -41,21 +47,29 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32065"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-436",
       "CWE-863"
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-02T23:33:08Z",
     "nvd_published_at": null
diff --git a/advisories/github-reviewed/2026/03/GHSA-vjp8-wprm-2jw9/GHSA-vjp8-wprm-2jw9.json b/advisories/github-reviewed/2026/03/GHSA-vjp8-wprm-2jw9/GHSA-vjp8-wprm-2jw9.json
@@ -1,15 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vjp8-wprm-2jw9",
-  "modified": "2026-03-04T18:56:10Z",
+  "modified": "2026-03-30T13:42:54Z",
   "published": "2026-03-04T18:56:10Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-32067"
+  ],
   "summary": "OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access",
   "details": "### Summary\nOpenClaw had account-scope gaps in pairing-store access for DM pairing policy, which could let a pairing approval from one account authorize the same sender on another account in multi-account setups.\n\n### Impact\nThis is an authorization-boundary weakness in multi-account channel deployments. A sender approved in one account could be accepted in another account before explicit approval there.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version affected: `2026.2.25`\n- Vulnerable range: `<= 2026.2.25`\n- Patched version (planned next release): `>= 2026.2.26`\n\n### Fix\nOpenClaw now enforces account-scoped pairing reads/writes consistently across core and extension message channels, with stricter runtime/SDK helpers and shared policy wiring to prevent cross-account pairing bleed.\n\n### Fix Commit(s)\n- `a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf`\n- `bce643a0bd145d3e9cb55400af33bd1b85baeb02`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.26`). After npm publish of that version, this advisory is ready to publish without further content edits.\n\nOpenClaw thanks @tdjackey for reporting.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -41,6 +47,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vjp8-wprm-2jw9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32067"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf"
@@ -52,6 +62,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-cross-account-authorization-bypass-in-dm-pairing-store"
     }
   ],
   "database_specific": {
