openclaw@2026.2.21 vulnerabilities

Multi-channel AI gateway with extensible messaging integrations

latest version

2026.3.1

latest non vulnerable version

2026.3.1

first published

1 months ago

latest version published

16 hours ago

licenses detected

MIT
>=2026.1.29-beta.1

View openclaw package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the openclaw package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Incorrect Authorization openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the `resolvePermissionRequest`, `resolveToolNameForPermission`, and `shouldAutoApproveToolCall` functions. An attacker can gain unauthorized access to resources by crafting tool calls with spoofed metadata or non-core read-like names that bypass interactive approval prompts. How to fix Incorrect Authorization? Upgrade `openclaw` to version 2026.2.23-beta.1 or higher.	<2026.2.23-beta.1
H Incomplete List of Disallowed Inputs openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the `tools.exec.safeBins` validation when validating options for `sort`. An attacker can execute unauthorized commands by supplying GNU long-option abbreviations (such as `--compress-prog`) that bypass the intended approval mechanism. Note: This is exploitable only if all of these conditions are present: `tools.exec.security=allowlist`, `tools.exec.ask=on-miss`. How to fix Incomplete List of Disallowed Inputs? Upgrade `openclaw` to version 2026.2.23 or higher.	<2026.2.23

Incorrect Authorization

openclaw is a 🦞 OpenClaw — Personal AI Assistant

Affected versions of this package are vulnerable to Incorrect Authorization via the resolvePermissionRequest, resolveToolNameForPermission, and shouldAutoApproveToolCall functions. An attacker can gain unauthorized access to resources by crafting tool calls with spoofed metadata or non-core read-like names that bypass interactive approval prompts.

How to fix Incorrect Authorization?

Upgrade openclaw to version 2026.2.23-beta.1 or higher.

<2026.2.23-beta.1

Incomplete List of Disallowed Inputs

openclaw is a 🦞 OpenClaw — Personal AI Assistant

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the tools.exec.safeBins validation when validating options for sort. An attacker can execute unauthorized commands by supplying GNU long-option abbreviations (such as --compress-prog) that bypass the intended approval mechanism.

Note: This is exploitable only if all of these conditions are present: tools.exec.security=allowlist, tools.exec.ask=on-miss.

How to fix Incomplete List of Disallowed Inputs?

Upgrade openclaw to version 2026.2.23 or higher.

<2026.2.23

Go back to all versions of this package