Publish Advisories

GHSA-fhvm-j76f-qmjv
GHSA-h89v-j3x9-8wqj
GHSA-mv9j-6xhh-g383
GHSA-qrq5-wjgg-rvqw
GHSA-qw99-grcx-4pvm
GHSA-x9p5-w45c-7ffc
GHSA-xc68-rrqc-qgq3

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-fhvm-j76f-qmjv/GHSA-fhvm-j76f-qmjv.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fhvm-j76f-qmjv",
-  "modified": "2026-03-05T21:45:49Z",
+  "modified": "2026-03-06T00:58:46Z",
   "published": "2026-02-17T21:34:36Z",
   "aliases": [
     "CVE-2026-28454"
   ],
   "summary": "OpenClaw has a potential access-group authorization bypass if channel type lookup fails",
   "details": "## Summary\n\nWhen Telegram webhook mode is enabled without a configured webhook secret, OpenClaw may accept unauthenticated HTTP POST requests at the Telegram webhook endpoint and trust attacker-controlled update JSON. This can allow forged Telegram updates that spoof `message.from.id` / `chat.id`, potentially bypassing sender allowlists and executing privileged bot commands.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.1.30`\n- Patched: `>= 2026.2.1`\n\n## Impact\n\nAn attacker who can reach the webhook endpoint can forge Telegram updates and impersonate allowlisted/paired senders by spoofing fields in the webhook payload (for example `message.from.id`). Impact depends on enabled commands/tools and the deployment’s network exposure.\n\n## Mitigations / Workarounds\n\n- Configure a strong `channels.telegram.webhookSecret` and ensure your reverse proxy forwards the `X-Telegram-Bot-Api-Secret-Token` header unchanged.\n\n## Fix Commit(s)\n\n- ca92597e1f9593236ad86810b66633144b69314d (config validation: `webhookUrl` requires `webhookSecret`)\n\nDefense-in-depth / supporting fixes:\n\n- 5643a934799dc523ec2ef18c007e1aa2c386b670 (default webhook listener bind host to loopback)\n- 3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930 (bound webhook request body size/time)\n- 633fe8b9c17f02fcc68ecdb5ec212a5ace932f09 (runtime guard: reject webhook startup when secret is missing/empty)\n\n## Release Process Note\n\n`patched_versions` is set to the first fixed release (`2026.2.1`).\n\nThanks @yueyueL for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -40,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fhvm-j76f-qmjv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28454"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/3cbcba10cf30c2ffb898f0d8c7dfb929f15f8930"
@@ -63,15 +71,20 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-unauthenticated-telegram-webhook"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-285"
+      "CWE-285",
+      "CWE-345"
     ],
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T21:34:36Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:17Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-h89v-j3x9-8wqj/GHSA-h89v-j3x9-8wqj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h89v-j3x9-8wqj",
-  "modified": "2026-03-05T21:45:06Z",
+  "modified": "2026-03-06T00:58:53Z",
   "published": "2026-02-18T00:52:54Z",
   "aliases": [
     "CVE-2026-28452"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [
@@ -59,6 +63,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28452"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea"
@@ -74,15 +82,20 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unguarded-archive-extraction-in-extractarchive"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-400"
+      "CWE-400",
+      "CWE-770"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-18T00:52:54Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:17Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-mv9j-6xhh-g383/GHSA-mv9j-6xhh-g383.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mv9j-6xhh-g383",
-  "modified": "2026-03-05T21:44:25Z",
+  "modified": "2026-03-06T00:58:42Z",
   "published": "2026-02-17T21:31:17Z",
   "aliases": [
     "CVE-2026-28450"
   ],
   "summary": "OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering",
   "details": "## Summary\nThe OpenClaw Nostr channel plugin (optional, disabled by default, installed separately) exposes profile management HTTP endpoints under `/api/channels/nostr/:accountId/profile` (GET/PUT) and `/api/channels/nostr/:accountId/profile/import` (POST). In affected versions, these routes were dispatched via the gateway plugin HTTP layer without requiring gateway authentication, allowing unauthenticated remote callers to read or mutate the Nostr profile and persist changes to the gateway config. Profile updates are also published as a signed Nostr kind:0 event using the bot's private key.\n\nDeployments that do not have the Nostr plugin installed and enabled are not impacted.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.9`\n- Fixed versions: `>= 2026.2.12`\n- Scope note: only affects deployments with the optional `@openclaw/nostr` plugin installed and enabled\n\n## Details\nThis is exploitable when the gateway HTTP port is reachable beyond localhost (for example: bound to `0.0.0.0`, exposed on a LAN, behind a reverse proxy, or via Tailscale Funnel/Serve).\n\nUnauthenticated callers could update the Nostr profile and persist the new profile in the gateway config.\n\n## Mitigation\nUpgrade to `openclaw` `2026.2.12` or later.\n\nAs a temporary mitigation, restrict gateway HTTP exposure (bind loopback-only and/or enforce network-layer access controls) until upgraded.\n\n## Fix\nGateway now requires gateway authentication for plugin HTTP requests under `/api/channels/*` before dispatching to plugin handlers.\n\nFix commit(s):\n- 647d929c9d0fd114249230d939a5cb3b36dc70e7\n\nThanks @simecek for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
@@ -40,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mv9j-6xhh-g383"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28450"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/647d929c9d0fd114249230d939a5cb3b36dc70e7"
@@ -51,6 +59,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-profile-tampering-via-nostr-plugin-http-endpoints"
     }
   ],
   "database_specific": {
@@ -61,6 +73,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T21:31:17Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:17Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-qrq5-wjgg-rvqw/GHSA-qrq5-wjgg-rvqw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qrq5-wjgg-rvqw",
-  "modified": "2026-03-05T21:43:26Z",
+  "modified": "2026-03-06T00:59:21Z",
   "published": "2026-02-17T21:39:24Z",
   "aliases": [
     "CVE-2026-28447"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrq5-wjgg-rvqw"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28447"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/d03eca8450dc493b198a88b105fd180895238e5"
@@ -60,6 +64,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T21:39:24Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:16Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-qw99-grcx-4pvm/GHSA-qw99-grcx-4pvm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qw99-grcx-4pvm",
-  "modified": "2026-03-05T21:42:43Z",
+  "modified": "2026-03-06T00:58:28Z",
   "published": "2026-02-17T17:09:43Z",
   "aliases": [
     "CVE-2026-28395"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -40,26 +44,39 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qw99-grcx-4pvm"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28395"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/8d75a496bf5aaab1755c56cf48502d967c75a1d0"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/a1e89afcc19efd641c02b24d66d689f181ae2b5c"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
     },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-unintended-public-binding-of-chrome-extension-relay-via-wildcard-cdpurl"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-1327",
       "CWE-284"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T17:09:43Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:16Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-x9p5-w45c-7ffc/GHSA-x9p5-w45c-7ffc.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x9p5-w45c-7ffc",
-  "modified": "2026-03-05T22:28:48Z",
+  "modified": "2026-03-06T00:58:07Z",
   "published": "2026-03-05T19:50:35Z",
   "aliases": [
     "CVE-2026-26196"
   ],
   "summary": "Gogs: Access tokens get exposed through URL params in API requests",
   "details": "### Summary\n\nThe Gogs API still accepts tokens in URL parameters such as `token` and `access_token`, which can leak through logs, browser history, and referrers.\n\n### Details\n\nA static review shows that the API still checks tokens in the URL query before looking at headers:\n\n  - internal/context/auth.go reads `c.Query(\"token\")`\n  - internal/context/auth.go falls back to `c.Query(\"access_token\")`\n  - internal/context/auth.go only checks the `Authorization` header when the query token is empty\n  - internal/context/auth.go authenticates using that token and marks the request as token-authenticated\n\nToken-authenticated requests are accepted by API routes through `c.IsTokenAuth` checks:\n  - internal/route/api/v1/api.go\n\n### Impact\n\nIf tokens are sent in URLs such as `/api/v1/user?token=...`, they can leak in logs, browser or shell history, and referrer headers, and can be reused until revoked.\n\n### Recommended Fix\n\n- Authentication headers should be used exclusively for token transmission.\n- Token parameters should be blocked at the proxy or WAF level.\n- Query strings should be scrubbed from logs.\n- A strict referrer policy should be set.\n\n### Remediation\n\nA fix is available at https://github.com/gogs/gogs/releases/tag/v0.14.2.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"

advisories/github-reviewed/2026/03/GHSA-xc68-rrqc-qgq3/GHSA-xc68-rrqc-qgq3.json

@@ -79,7 +79,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,