Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 91f7b0ac3fc3 · 2026-04-01T00:02:59.000Z
GHSA-2x4x-cc5g-qmmg GHSA-5r8f-96gm-5j6g GHSA-63mg-xp9j-jfcm GHSA-p4x4-2r7f-wjxg GHSA-qxgf-hmcj-3xw3
diff --git a/advisories/github-reviewed/2026/04/GHSA-2x4x-cc5g-qmmg/GHSA-2x4x-cc5g-qmmg.json b/advisories/github-reviewed/2026/04/GHSA-2x4x-cc5g-qmmg/GHSA-2x4x-cc5g-qmmg.json
@@ -0,0 +1,76 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x4x-cc5g-qmmg",
+  "modified": "2026-04-01T00:00:19Z",
+  "published": "2026-04-01T00:00:19Z",
+  "aliases": [
+    "CVE-2026-33577"
+  ],
+  "summary": "OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes",
+  "details": "## Summary\n\nThe node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node.\n\n## Impact\n\nA lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node.\n\n## Affected Component\n\n`src/infra/node-pairing.ts, src/gateway/server-methods/nodes.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4d7cc6bb4f` (`gateway: restrict node pairing approvals`).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33577"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T00:00:19Z",
+    "nvd_published_at": "2026-03-31T15:16:14Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-5r8f-96gm-5j6g/GHSA-5r8f-96gm-5j6g.json b/advisories/github-reviewed/2026/04/GHSA-5r8f-96gm-5j6g/GHSA-5r8f-96gm-5j6g.json
@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5r8f-96gm-5j6g",
+  "modified": "2026-04-01T00:00:34Z",
+  "published": "2026-04-01T00:00:34Z",
+  "aliases": [],
+  "summary": "OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`",
+  "details": "## Summary\n\nThe `chat.send` path reused command authorization to trigger `/reset` session rotation even though direct session reset is an admin-only control-plane operation.\n\n## Impact\n\nA write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id without admin scope.\n\n## Affected Component\n\n`src/gateway/server-methods/chat.ts, src/auto-reply/reply/session.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `be00fcfccb` (`Gateway: align chat.send reset scope checks`).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/be00fcfccba108f88dc3d4380146c6e058770b03"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284",
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T00:00:34Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-63mg-xp9j-jfcm/GHSA-63mg-xp9j-jfcm.json b/advisories/github-reviewed/2026/04/GHSA-63mg-xp9j-jfcm/GHSA-63mg-xp9j-jfcm.json
@@ -0,0 +1,76 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63mg-xp9j-jfcm",
+  "modified": "2026-04-01T00:01:10Z",
+  "published": "2026-04-01T00:01:10Z",
+  "aliases": [
+    "CVE-2026-33578"
+  ],
+  "summary": "OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade",
+  "details": "## Summary\n\nWhen only a route-level group allowlist was configured, sender policy resolution silently downgraded from `allowlist` to `open` instead of preserving the configured group policy.\n\n## Impact\n\nAny member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the operator intended sender-level restrictions.\n\n## Affected Component\n\n`extensions/googlechat/src/monitor-access.ts, extensions/zalouser/src/monitor.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `e64a881ae0` (`Channels: preserve routed group policy`).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33578"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T00:01:10Z",
+    "nvd_published_at": "2026-03-31T15:16:14Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-p4x4-2r7f-wjxg/GHSA-p4x4-2r7f-wjxg.json b/advisories/github-reviewed/2026/04/GHSA-p4x4-2r7f-wjxg/GHSA-p4x4-2r7f-wjxg.json
@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p4x4-2r7f-wjxg",
+  "modified": "2026-04-01T00:02:20Z",
+  "published": "2026-04-01T00:02:20Z",
+  "aliases": [],
+  "summary": "OpenClaw gateway exec allow-always over-trusts positional carrier executables",
+  "details": "## Summary\n\nAllow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers.\n\n## Impact\n\nA one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval boundaries.\n\n## Affected Component\n\n`src/infra/exec-approvals-allowlist.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `9ec44fad39` (`Exec approvals: reject wrapper carrier allow-always targets`).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/9ec44fad390f0bc1c29c3cc418b322560cb0222b"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T00:02:20Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-qxgf-hmcj-3xw3/GHSA-qxgf-hmcj-3xw3.json b/advisories/github-reviewed/2026/04/GHSA-qxgf-hmcj-3xw3/GHSA-qxgf-hmcj-3xw3.json
@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qxgf-hmcj-3xw3",
+  "modified": "2026-04-01T00:01:51Z",
+  "published": "2026-04-01T00:01:51Z",
+  "aliases": [],
+  "summary": "OpenClaw affected by SSRF via unguarded image download in fal provider",
+  "details": "## Summary\n\nThe fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path.\n\n## Impact\n\nA malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses through the image pipeline.\n\n## Affected Component\n\n`extensions/fal/image-generation-provider.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `80d1e8a11a` (`fal: guard image fetches`).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.28"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.24"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T00:01:51Z",
+    "nvd_published_at": null
+  }
+}
