openclaw@2026.4.20-beta.1

Multi-channel AI gateway with extensible messaging integrations

  • latest version

    2026.5.2

  • first published

    3 months ago

  • latest version published

    1 hour ago

  • licenses detected

    • >=2026.1.29-beta.1
  • Direct Vulnerabilities

    Known vulnerabilities in the openclaw package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Missing Authorization

    openclaw is a 🦞 OpenClaw — Personal AI Assistant

    Affected versions of this package are vulnerable to Missing Authorization via the command-auth.ts process. An attacker can gain unauthorized access to owner-enforced commands by sending commands from a non-owner sender when a channel plugin enforces owner-only commands, the channel accepts wildcard inbound senders, and no explicit owner allow list is configured. This is only exploitable if the channel plugin has commands.enforceOwnerForCommands set to true, allowFrom includes a wildcard ("*"), and commands.ownerAllowFrom is not explicitly set.

    How to fix Missing Authorization?

    Upgrade openclaw to version 2026.4.21 or higher.

    <2026.4.21
    • M
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization in the paired-device pairing management process. An attacker can gain unauthorized access to approve or operate on unrelated pending device requests by leveraging paired-device access within the same gateway scope.

    How to fix Incorrect Authorization?

    Upgrade openclaw to version 2026.4.20 or higher.

    <2026.4.20
    • L
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization via the assistant-media route. An attacker can access protected media files and metadata by bypassing HTTP authentication path scope validation.

    How to fix Incorrect Authorization?

    Upgrade openclaw to version 2026.4.20 or higher.

    <2026.4.20
    • C
    Arbitrary Code Injection

    Affected versions of this package are vulnerable to Arbitrary Code Injection via upstream API requests. An attacker can execute arbitrary code by injecting malicious prompts into requests.

    How to fix Arbitrary Code Injection?

    There is no fixed version for openclaw.

    >=0.0.0