Publish Advisories

GHSA-4qwc-c7g9-4xcw
GHSA-65h8-27jh-q8wv
GHSA-cg6c-q2hx-69h7
GHSA-rhfg-j8jq-7v2h
GHSA-rm59-992w-x2mv
GHSA-2j53-2c28-g9v2
GHSA-36cp-mh65-x882
GHSA-6v7q-wjvx-w8wg
GHSA-8j7f-g9gv-7jhc
GHSA-9gvx-vj57-vqqx
GHSA-9qq8-cgcv-qmc9
GHSA-fw9q-39r9-c252
GHSA-h9cx-xjg6-5v2w
GHSA-hm63-vwj4-mj2q
GHSA-j56c-wpqm-h24x
GHSA-8j7f-g9gv-7jhc

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-4qwc-c7g9-4xcw/GHSA-4qwc-c7g9-4xcw.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4qwc-c7g9-4xcw",
-  "modified": "2026-03-26T19:50:06Z",
+  "modified": "2026-04-10T20:19:35Z",
   "published": "2026-03-26T19:50:06Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-35633"
+  ],
   "summary": "OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure",
   "details": "## Summary\nRemote media HTTP error bodies were read without a hard size cap before failure handling, allowing unbounded allocation on error responses.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `81445a901091a5d27ef0b56fceedbe4724566438`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/media/fetch.ts now routes non-2xx failures through bounded prefix reads instead of buffering the whole error body.\n- src/media/read-response-with-limit.ts enforces capped reads and truncates oversized snippets before surfacing failure text.\n\nOpenClaw thanks @YLChen-007 for reporting.",
   "severity": [
@@ -38,13 +40,25 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-65h8-27jh-q8wv/GHSA-65h8-27jh-q8wv.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-65h8-27jh-q8wv",
-  "modified": "2026-03-26T19:08:35Z",
+  "modified": "2026-04-10T20:19:14Z",
   "published": "2026-03-26T19:08:34Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-35627"
+  ],
   "summary": "OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement",
   "details": "## Summary\nNostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `1ee9611079e81b9122f4bed01abb3d9f56206c77`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/nostr/src/channel.ts now performs authorization before decrypting and dispatching inbound DM content.\n- extensions/nostr/src/nostr-bus.ts adds pre-crypto authorization, size, and rate guardrails before expensive decrypt work.\n\nOpenClaw thanks @kuranikaran for reporting.",
   "severity": [
@@ -38,13 +40,25 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35627"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-cg6c-q2hx-69h7/GHSA-cg6c-q2hx-69h7.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cg6c-q2hx-69h7",
-  "modified": "2026-04-09T13:43:38Z",
+  "modified": "2026-04-10T20:18:52Z",
   "published": "2026-03-26T18:56:32Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-35618"
+  ],
   "summary": "OpenClaw: Plivo V2 verified replay identity drifts on query-only variants",
   "details": "## Summary\nBefore `v2026.3.23`, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate `baseUrl + nonce`, but the replay key was derived from the full verification URL including the query string, so unsigned query-only changes minted a new `verifiedRequestKey`.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< 2026.3.23`\n- Fixed: `>= 2026.3.23`\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Root Cause\nThe vulnerable logic lived in `extensions/voice-call/src/webhook-security.ts`. V2 signature validation already canonicalized to the base URL without query parameters, but the replay key used the full `verificationUrl`, letting query-only variants bypass replay identity stability.\n\n## Fix Commit(s)\n- `b0ce53a79cf63834660270513e26d921899b4e5b` — `fix(voice-call): stabilize plivo v2 replay keys`\n\n## Release Status\nThe fix commit is contained in released tags `v2026.3.23` and `v2026.3.23-2`. The latest shipped tag and npm release both include the fix.\n\n## Code-Level Confirmation\n- `extensions/voice-call/src/webhook-security.ts` now derives the V2 replay key with `createPlivoV2ReplayKey(...)`, which hashes `getBaseUrlNoQuery(url)` plus the nonce.\n- `extensions/voice-call/src/webhook-security.test.ts` contains the regression test `treats query-only V2 variants as the same verified request`.\n\nThanks @smaeljaish771 for reporting.",
   "severity": [
@@ -38,13 +40,25 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-rhfg-j8jq-7v2h/GHSA-rhfg-j8jq-7v2h.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rhfg-j8jq-7v2h",
-  "modified": "2026-03-29T15:48:42Z",
+  "modified": "2026-04-10T20:19:25Z",
   "published": "2026-03-29T15:48:42Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-35629"
+  ],
   "summary": "OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)",
   "details": "## Summary\n\nSSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSeveral channel extensions still used raw `fetch()` against configured base URLs without the SSRF guard that was added for CVE-2026-28476. Commit `f92c92515bd439a71bd03eb1bc969c1964f17acf` routes those outbound requests through `fetchWithSsrFGuard` so configured endpoints cannot be rebound to blocked internal destinations.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `f92c92515bd439a71bd03eb1bc969c1964f17acf`.\n\n## Fix Commit(s)\n\n- `f92c92515bd439a71bd03eb1bc969c1964f17acf`",
   "severity": [],
@@ -25,17 +27,18 @@
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 2026.3.24"
-      }
+      ]
     }
   ],
   "references": [
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35629"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf"
@@ -47,6 +50,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-rm59-992w-x2mv/GHSA-rm59-992w-x2mv.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rm59-992w-x2mv",
-  "modified": "2026-03-26T19:50:41Z",
+  "modified": "2026-04-10T20:19:04Z",
   "published": "2026-03-26T19:50:41Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-35626"
+  ],
   "summary": "OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling",
   "details": "## Summary\nVoice Call webhook handling buffered request bodies before provider signature checks, enabling bounded unauthenticated resource exhaustion.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `651dc7450b68a5396a009db78ef9382633707ead`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/voice-call/src/webhook.ts now enforces header gating and shared pre-auth body caps before reading attacker-controlled request bodies.\n- extensions/voice-call/src/webhook.test.ts ships regression coverage for missing-signature, oversize, and timeout pre-auth webhook cases.\n\nOpenClaw thanks @SEORY0 for reporting.",
   "severity": [
@@ -38,13 +40,25 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35626"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook"
     }
   ],
   "database_specific": {

…-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.json …-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.jsonadvisories/unreviewed/2026/04/GHSA-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.json renamed to advisories/github-reviewed/2026/04/GHSA-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.json advisories/unreviewed/2026/04/GHSA-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.json renamed to advisories/github-reviewed/2026/04/GHSA-2j53-2c28-g9v2/GHSA-2j53-2c28-g9v2.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j53-2c28-g9v2",
-  "modified": "2026-04-10T00:30:30Z",
+  "modified": "2026-04-10T20:19:08Z",
   "published": "2026-04-10T00:30:30Z",
-  "aliases": [
-    "CVE-2026-35627"
-  ],
-  "details": "OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion.",
+  "withdrawn": "2026-04-10T20:19:08Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.22"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -45,8 +65,8 @@
       "CWE-696"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-10T20:19:08Z",
     "nvd_published_at": "2026-04-09T22:16:31Z"
   }
 }

…-36cp-mh65-x882/GHSA-36cp-mh65-x882.json …-36cp-mh65-x882/GHSA-36cp-mh65-x882.jsonadvisories/unreviewed/2026/04/GHSA-36cp-mh65-x882/GHSA-36cp-mh65-x882.json renamed to advisories/github-reviewed/2026/04/GHSA-36cp-mh65-x882/GHSA-36cp-mh65-x882.json advisories/unreviewed/2026/04/GHSA-36cp-mh65-x882/GHSA-36cp-mh65-x882.json renamed to advisories/github-reviewed/2026/04/GHSA-36cp-mh65-x882/GHSA-36cp-mh65-x882.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36cp-mh65-x882",
-  "modified": "2026-04-10T00:30:30Z",
+  "modified": "2026-04-10T20:18:58Z",
   "published": "2026-04-10T00:30:30Z",
-  "aliases": [
-    "CVE-2026-35626"
-  ],
-  "details": "OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.",
+  "withdrawn": "2026-04-10T20:18:58Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rm59-992w-x2mv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.22"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -45,8 +65,8 @@
       "CWE-405"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-10T20:18:58Z",
     "nvd_published_at": "2026-04-09T22:16:31Z"
   }
 }