Publish Advisories

GHSA-5xfq-5mr7-426q
GHSA-7vwx-582j-j332
GHSA-mj5r-hh7j-4gxf
GHSA-x2g5-fvc2-gqvp

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5xfq-5mr7-426q",
-  "modified": "2026-02-18T00:57:30Z",
+  "modified": "2026-03-05T21:55:03Z",
   "published": "2026-02-18T00:57:30Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-28482"
+  ],
   "summary": "OpenClaw's unsanitized session ID enables path traversal in transcript file operations",
   "details": "## Description\n\nOpenClaw versions **<= 2026.2.9** construct transcript file paths using an unsanitized `sessionId` and also accept `sessionFile` paths without enforcing that they stay within the agent sessions directory.\n\nA crafted `sessionId` and/or `sessionFile` (example: `../../etc/passwd`) can cause path traversal when the gateway performs transcript file read/write operations.\n\n**Preconditions:** an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to `loopback` (local-only); configurations that expose the gateway widen the attack surface.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.9`\n- Fixed: `>= 2026.2.12`\n\n## Fix\n\nFixed by validating session IDs (rejecting path separators / traversal sequences) and enforcing sessions-directory containment for session transcript file operations.\n\n### Fix Commit(s)\n\n- `4199f9889f0c307b77096a229b9e085b8d856c26`\n\n### Additional Hardening\n\n- `cab0abf52ac91e12ea7a0cf04fff315cf0c94d64`\n\n## Mitigation\n\nUpgrade to `openclaw >= 2026.2.12`.\n\nThanks @akhmittra for reporting.",
   "severity": [

advisories/github-reviewed/2026/02/GHSA-7vwx-582j-j332/GHSA-7vwx-582j-j332.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7vwx-582j-j332",
-  "modified": "2026-02-17T21:38:14Z",
+  "modified": "2026-03-05T21:54:43Z",
   "published": "2026-02-17T21:38:14Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-28481"
+  ],
   "summary": "OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains",
   "details": "## Summary\n\nNOTE: This only affects deployments that enable the optional MS Teams extension (Teams channel). If you do not use MS Teams, you are not impacted.\n\nWhen OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an `Authorization: Bearer <token>` header after receiving `401` or `403`.\n\nBecause the default download allowlist uses suffix matching (and includes some multi-tenant suffix domains), a message that references an untrusted but allowlisted host could cause that bearer token to be sent to the wrong place.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable: `<= 2026.1.30`\n- Patched: `>= 2026.2.1`\n\n## Fix\n\n- Fix commit: `41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b`\n- Upgrade to `openclaw >= 2026.2.1`\n\n## Workarounds\n\n- If you do not need MS Teams, disable the MS Teams extension.\n- If you must stay on an older version, ensure the auth host allowlist is strict (only Microsoft-owned endpoints that require auth) and avoid wildcard or broad suffix entries.\n\n## Credits\n\nThanks @yueyueL for reporting.",
   "severity": [

advisories/github-reviewed/2026/02/GHSA-mj5r-hh7j-4gxf/GHSA-mj5r-hh7j-4gxf.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mj5r-hh7j-4gxf",
-  "modified": "2026-02-18T00:54:32Z",
+  "modified": "2026-03-05T21:54:21Z",
   "published": "2026-02-18T00:54:32Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-28480"
+  ],
   "summary": "OpenClaw Telegram allowlist authorization accepted mutable usernames",
   "details": "## Summary\nTelegram allowlist authorization could match on `@username` (mutable/recyclable) instead of immutable numeric sender IDs.\n\n## Impact\nOperators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands (identity rebinding/spoof risk). This can allow an unauthorized sender to interact with the bot in allowlist mode.\n\n## Affected Packages / Versions\n- npm `openclaw`: <= 2026.2.13\n- npm `clawdbot`: <= 2026.1.24-3\n\n## Fix\nTelegram allowlist authorization now requires numeric Telegram sender IDs only. `@username` allowlist principals are rejected.\n\nA security audit warning was added to flag legacy configs that still contain non-numeric Telegram allowlist entries.\n\n`openclaw doctor --fix` now attempts to resolve `@username` allowFrom entries to numeric IDs (best-effort; requires a Telegram bot token).\n\n## Fix Commit(s)\n- e3b432e481a96b8fd41b91273818e514074e05c3\n- 9e147f00b48e63e7be6964e0e2a97f2980854128\n\nThanks @vincentkoc for reporting.",
   "severity": [

advisories/github-reviewed/2026/03/GHSA-x2g5-fvc2-gqvp/GHSA-x2g5-fvc2-gqvp.json

@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x2g5-fvc2-gqvp",
+  "modified": "2026-03-05T21:54:31Z",
+  "published": "2026-03-05T21:54:31Z",
+  "aliases": [],
+  "summary": "Flowise has Insufficient Password Salt Rounds",
+  "details": "### Description\nThe default bcrypt salt rounds is set to 5, which is below the recommended minimum for security.\n\n### Affected Code\n```\nexport function getHash(value: string) {\n    const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || '5'))\n    return bcrypt.hashSync(value, salt)\n}\n```\n\n### Evidence\nUsing 5 salt rounds provides 2^5 = 32 iterations, which is far below the OWASP recommendation of 10 (2^10 = 1024 iterations) for bcrypt. This makes password hashes vulnerable to brute-force attacks with modern hardware.\n\n### Impact\nFaster password cracking - in the event of database compromise, attackers can crack password hashes significantly faster than with proper salt rounds, potentially compromising all user accounts.\n\n### Recommendation\nIncrease default PASSWORD_SALT_HASH_ROUNDS to at least 10 (recommended by OWASP). Consider using 12 for better security-performance balance. Document that higher values increase login time but improve security.\n\n### Notes\nThe default bcrypt salt rounds is 5 (line 6), which provides only 2^5=32 iterations. OWASP recommends minimum 10 rounds (1024 iterations) for bcrypt. While configurable via PASSWORD_SALT_HASH_ROUNDS env var, the default matters because: (1) most deployments use defaults, (2) existing password hashes at 5 rounds remain vulnerable even if later increased. With modern GPUs, 5 rounds allows ~300,000 hashes/second vs ~10,000/second at 10 rounds - a 30x difference in cracking speed. In a database breach scenario, all user passwords could be cracked significantly faster. The same weak default is used in resetPassword (account.service.ts:568). This is a cryptographic weakness with real-world impact on password security.\n\n**Detection Method:** Kolega.dev Deep Code Scan\n\n| Attribute | Value |\n|---|---|\n| Severity | Medium |\n| CWE | CWE-916 (Use of Password Hash With Insufficient Computational Effort) |\n| Location | packages/server/src/enterprise/utils/encryption.util.ts:5-7 |\n| Practical Exploitability | Medium |\n| Developer Approver | faizan@kolega.ai |",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "flowise"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.0.13"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 3.0.12"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FlowiseAI/Flowise/pull/5665"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/FlowiseAI/Flowise"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-328",
+      "CWE-916"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-05T21:54:31Z",
+    "nvd_published_at": null
+  }
+}