Publish Advisories

GHSA-6xg4-82hv-cp6f
GHSA-5hff-46vh-rxmw
GHSA-vjx8-8p7h-82gr

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-6xg4-82hv-cp6f/GHSA-6xg4-82hv-cp6f.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6xg4-82hv-cp6f",
-  "modified": "2026-03-31T23:57:51Z",
+  "modified": "2026-04-20T23:45:19Z",
   "published": "2026-03-31T23:57:51Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-41299"
+  ],
   "summary": "OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing",
   "details": "## Summary\n\nACP-only provenance fields in `chat.send` were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state.\n\n## Impact\n\nA normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge.\n\n## Affected Component\n\n`src/gateway/server-methods/chat.ts, src/gateway/server/ws-connection/message-handler.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4b9542716c` (`Gateway: require verified scope for chat provenance`).",
   "severity": [],

advisories/github-reviewed/2026/04/GHSA-5hff-46vh-rxmw/GHSA-5hff-46vh-rxmw.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5hff-46vh-rxmw",
-  "modified": "2026-04-07T18:15:37Z",
+  "modified": "2026-04-20T23:45:00Z",
   "published": "2026-04-07T18:15:37Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-41298"
+  ],
   "summary": "OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill",
   "details": "## Summary\n\nBefore OpenClaw 2026.4.2, `POST /sessions/:sessionKey/kill` did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session.\n\n## Impact\n\nA read-scoped caller could perform a write-class control-plane mutation and interrupt delegated work. This was an authorization bug on the HTTP scope boundary, not a shared-secret compatibility exception.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `54a0878517167c6e49900498cf77420dadb74beb` — enforce session-kill HTTP scopes\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @EaEa0001 for reporting.",
   "severity": [

advisories/github-reviewed/2026/04/GHSA-vjx8-8p7h-82gr/GHSA-vjx8-8p7h-82gr.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vjx8-8p7h-82gr",
-  "modified": "2026-04-07T18:10:45Z",
+  "modified": "2026-04-20T23:44:41Z",
   "published": "2026-04-07T18:10:45Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-41297"
+  ],
   "summary": "OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection",
   "details": "## Summary\nMarketplace Plugin Download Follows Redirects Without SSRF Protection\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still uses bare redirect-following fetch in src/plugins/marketplace.ts for marketplace archives, and fixed-on-main only does not change that shipped SSRF exposure.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2ce44ca6a1302b166a128abbd78f72114f2f4f52` — 2026-03-31T12:59:42+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @AntAISecurityLab for reporting.",
   "severity": [