CVSS Score: 5.3 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-7H7G-X2PX-94HJ

The OpenClaw personal AI assistant ecosystem suffers from an insufficiently protected credentials vulnerability (CWE-522) during the device pairing process. The Gateway generates setup codes that embed permanent, shared authentication tokens rather than ephemeral bootstrap keys. Interception of these codes grants an attacker persistent access to the user's Gateway, exposing integrated AI service API keys, chat histories, and agent configurations. The vulnerability is resolved in version v2026.3.12 through the implementation of short-lived, per-device session credentials.

CVSS Score: 7.1 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-VMHQ-CQM9-6P7Q

A high-severity authorization bypass vulnerability exists in the OpenClaw AI assistant platform. It permits users with write-scoped permissions to interact with restricted administrative endpoints. This flaw enables attackers to modify or delete persistent browser profiles, hijacking browser infrastructure via malicious Chrome DevTools Protocol (CDP) URLs.

CVSS Score: Moderate Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-M69H-JM2F-2PV8

An authorization bypass vulnerability exists in the Feishu extension of the OpenClaw AI assistant framework. By exploiting an insecure default in the reaction event processing logic, attackers can trigger bot actions in restricted group contexts, bypassing mention gating and group authorization controls.

CVSS Score: 5.3 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-F8R2-VG7X-GH8M

OpenClaw versions up to 2026.3.8 suffer from an improper input validation vulnerability in the command execution allowlist mechanism. Flawed pattern matching logic, including improper lowercasing on POSIX systems and broad glob wildcard handling, allows an attacker to bypass execution restrictions and invoke unauthorized commands.

CVSS Score: 8.8 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-R7VR-GR74-94P8

OpenClaw versions prior to v2026.3.12 contain an improper authorization vulnerability in the command dispatcher logic. A missing ownership validation check allows any user on the general allowlist to execute highly sensitive administrative commands. This flaw exposes the bot configuration and debug surfaces, leading to potential information disclosure and service disruption.

CVSS Score: 9.6 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-99QW-6MR3-36QR

OpenClaw, an open-source AI agent platform, contains a critical vulnerability in its plugin auto-discovery mechanism. The platform implicitly trusts and executes code located within the .openclaw/extensions/ directory of any opened workspace. This behavior allows an attacker to achieve arbitrary code execution by convincing a user to clone and open a maliciously crafted repository.

CVSS Score: 9.9 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-WCXR-59V9-RXR8

The OpenClaw session_status tool fails to properly validate authorization boundaries when processing the sessionKey parameter. This flaw allows restricted sandboxed subagents to read or influence the state of higher-privileged parent sessions, resulting in a critical sandbox escape.

CVSS Score: 9.9 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-RQPP-RJJ8-7WV8

A critical logic flaw in the OpenClaw gateway's WebSocket authentication mechanism allows remote attackers authenticated via shared secrets to arbitrarily elevate their authorization scopes to administrative levels.

CVSS Score: 8.5 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-2RQG-GJGV-84JM

A critical vulnerability in the OpenClaw gateway architecture allows subagents to bypass workspace sandboxes by manipulating RPC parameters. By supplying arbitrary paths during agent spawning, attackers can escape the designated execution directory and achieve arbitrary file read and write on the host filesystem.

CVSS Score: 8.6 Published: 2026-03-13 Full Report: https://cvereports.com/reports/GHSA-G353-MGV3-8PCJ

OpenClaw versions prior to 2026.3.12 contain a high-severity authentication bypass vulnerability in the Feishu channel integration. When configured in webhook mode without an encryption key, the system relies solely on a static plaintext token, allowing unauthenticated remote attackers to inject forged events and execute unauthorized actions.