Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 472841114a6a · 2026-02-18T00:48:39.000Z
GHSA-cv7m-c9jx-vg7q GHSA-m7x8-2w3w-pr42
diff --git a/advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json b/advisories/github-reviewed/2026/02/GHSA-cv7m-c9jx-vg7q/GHSA-cv7m-c9jx-vg7q.json
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cv7m-c9jx-vg7q",
+  "modified": "2026-02-18T00:46:49Z",
+  "published": "2026-02-18T00:46:49Z",
+  "aliases": [
+    "CVE-2026-26329"
+  ],
+  "summary": "OpenClaw has a path traversal in browser upload allows local file read",
+  "details": "## Summary\n\nAuthenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's `upload` action. The server passed these paths to Playwright's `setInputFiles()` APIs without restricting them to a safe root.\n\nSeverity remains **High** due to the impact (arbitrary local file read on the Gateway host), even though exploitation requires authenticated access.\n\n## Exploitability / Preconditions\n\nThis is not a \"drive-by\" issue.\n\nAn attacker must:\n\n- Reach the Gateway HTTP surface (or otherwise invoke the same browser control hook endpoints).\n- Present valid Gateway auth (bearer token / password), as required by the Gateway configuration.\n  - In common default setups, the Gateway binds to loopback and the onboarding wizard generates a gateway token even for loopback.\n- Have the `browser` tool permitted by tool policy for the target session/context (and have browser support enabled).\n\nIf an operator exposes the Gateway beyond loopback (LAN/tailnet/custom bind, reverse proxy, tunnels, etc.), the impact increases accordingly.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable: `< 2026.2.14` (includes latest published `2026.2.13`)\n- Patched: `>= 2026.2.14` (planned next release)\n\n## Details\n\n**Entry points**:\n\n- `POST /tools/invoke` with `{\"tool\":\"browser\",\"action\":\"upload\",...}`\n- `POST /hooks/file-chooser` (browser control hook)\n\nWhen the upload paths are not validated, Playwright reads the referenced files from the local filesystem and attaches them to a page-level `<input type=\"file\">`. Contents can then be exfiltrated by page JavaScript (e.g. via `FileReader`) or via agent/browser snapshots.\n\nImpact: arbitrary local file read on the Gateway host (confidentiality impact).\n\n## Fix\n\nUpload paths are now confined to OpenClaw's temp uploads root (`DEFAULT_UPLOAD_DIR`) and traversal/escape paths are rejected.\n\nThis fix was implemented internally; the reporter provided a clear reproduction and impact analysis.\n\nFix commit(s):\n\n- 3aa94afcfd12104c683c9cad81faf434d0dadf87\n\nThanks @p80n-sec for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cv7m-c9jx-vg7q"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/3aa94afcfd12104c683c9cad81faf434d0dadf87"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:46:49Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json b/advisories/github-reviewed/2026/02/GHSA-m7x8-2w3w-pr42/GHSA-m7x8-2w3w-pr42.json
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m7x8-2w3w-pr42",
+  "modified": "2026-02-18T00:46:55Z",
+  "published": "2026-02-18T00:46:54Z",
+  "aliases": [
+    "CVE-2026-26323"
+  ],
+  "summary": "OpenClaw has a command injection in maintainer clawtributors updater",
+  "details": "### Summary\nCommand injection in the maintainer/dev script `scripts/update-clawtributors.ts`.\n\n### Impact\nAffects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users.noreply.github.com` values).\n\nNormal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation.\n\n### Affected Versions\n- Source checkouts: tags `v2026.1.8` through `v2026.2.13` (inclusive)\n- Version range (structured): `>= 2026.1.8, < 2026.2.14`\n\n### Details\nThe script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run.\n\n### Fix\n- Fix commit: `a429380e337152746031d290432a4b93aa553d55`\n- Planned patched version: `2026.2.14`\n\n### Credits\nThanks @scanleale and @MegaManSec (https://joshua.hu) of [AISLE Research Team](https://aisle.com/) for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2026.1.8"
+            },
+            {
+              "fixed": "2026.2.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m7x8-2w3w-pr42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/a429380e337152746031d290432a4b93aa553d55"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:46:54Z",
+    "nvd_published_at": null
+  }
+}
