Publish Advisories

GHSA-39mp-545q-w789
GHSA-4hmj-39m8-jwc7
GHSA-68f8-9mhj-h2mp
GHSA-m3mh-3mpg-37hw
GHSA-w6m8-cqvj-pg5v
GHSA-wv46-v6xc-2qhf
GHSA-2crg-3p73-43xp
GHSA-2g7h-7rqr-9p4r
GHSA-3f6h-2hrp-w5wx
GHSA-3mcx-6wxm-qr8v
GHSA-45q4-x4r9-8fqj
GHSA-fvcv-3m26-pcqx
GHSA-qh78-rvg3-cv54
GHSA-v479-vf79-mg83

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-39mp-545q-w789/GHSA-39mp-545q-w789.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39mp-545q-w789",
-  "modified": "2026-04-10T17:19:15Z",
+  "modified": "2026-04-10T19:45:32Z",
   "published": "2026-03-30T19:06:22Z",
   "aliases": [
     "CVE-2026-35620"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -40,18 +44,43 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35620"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-285"
+      "CWE-285",
+      "CWE-862"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-30T19:06:22Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:04Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-4hmj-39m8-jwc7/GHSA-4hmj-39m8-jwc7.json

@@ -1,14 +1,23 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4hmj-39m8-jwc7",
-  "modified": "2026-04-10T17:23:40Z",
+  "modified": "2026-04-10T19:44:42Z",
   "published": "2026-03-29T15:50:41Z",
   "aliases": [
     "CVE-2026-35651"
   ],
   "summary": "OpenClaw has ACP CLI approval prompt ANSI escape sequence injection",
   "details": "## Summary\n\nACP CLI approval prompt ANSI escape sequence injection\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `>= 2026.2.13, <= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nACP tool titles could previously carry ANSI control sequences into approval prompts and permission logs, letting untrusted tool metadata spoof terminal output. Commit `464e2c10a5edceb380d815adb6ff56e1a4c50f60` sanitizes tool titles at the source and broadens ANSI stripping to full CSI sequences.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `464e2c10a5edceb380d815adb6ff56e1a4c50f60`.\n\n## Fix Commit(s)\n\n- `464e2c10a5edceb380d815adb6ff56e1a4c50f60`",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -38,13 +47,21 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35651"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt"
     }
   ],
   "database_specific": {
@@ -55,6 +72,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-29T15:50:41Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:05Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-68f8-9mhj-h2mp/GHSA-68f8-9mhj-h2mp.json

@@ -1,14 +1,23 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-68f8-9mhj-h2mp",
-  "modified": "2026-04-10T17:18:57Z",
+  "modified": "2026-04-10T19:45:08Z",
   "published": "2026-03-30T18:41:15Z",
   "aliases": [
     "CVE-2026-35619"
   ],
   "summary": "OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope",
   "details": "> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n## Summary\n\nThe OpenAI-compatible HTTP endpoint `/v1/models` accepts bearer auth but does not enforce operator method scopes.\n\nIn contrast, the WebSocket RPC path enforces `operator.read` for `models.list`.\n\nA caller connected with `operator.approvals` (no read scope) is rejected for `models.list` (`missing scope: operator.read`) but can still enumerate model metadata through HTTP `/v1/models`.\n\nConfirmed on current `main` at commit `06de515b6c42816b62ec752e1c221cab67b38501`.\n\n## Details\n\nThe WS control-plane path enforces role/scope checks centrally before dispatching methods. For non-admin operators, this includes required method scopes such as `operator.read` for `models.list`.\n\nThe HTTP compatibility path for `/v1/models` performs bearer authorization and then returns model metadata; it does not apply an equivalent scope check.\n\nAs reproduced, a caller with only `operator.approvals` can:\n\n1. connect successfully,\n2. fail `models.list` over WS with `missing scope: operator.read`,\n3. fetch `/v1/models` over HTTP with status 200 and model data.\n\nThis is a cross-surface authorization inconsistency where the stricter WS policy can be bypassed via HTTP.\n\n## Impact\n\n- Callers lacking `operator.read` can still enumerate gateway model metadata through HTTP compatibility routes.\n- Breaks scope model consistency between WS RPC and HTTP surfaces.\n- Weakens least-privilege expectations for operators granted non-read scopes.\n\n## Patch Suggestion\n\n### 1) Enforce read scope on `/v1/models` routes\n\nApply a scope gate equivalent to `models.list` before serving `/v1/models` or `/v1/models/:id`.\n\n### 2) Reuse centralized scope-authorization helper for HTTP compatibility endpoints\n\nUse the same operator scope logic used by WS dispatch (`authorizeOperatorScopesForMethod(...)`) to prevent policy drift.\n\n### 3) Add regression tests\n\nKeep this PoC and add explicit negative/positive controls:\n\n- `operator.approvals` without read is rejected on HTTP `/v1/models`.\n- `operator.read` is accepted on both WS `models.list` and HTTP `/v1/models`.\n\n## Credit\n\nReported by @zpbrent.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -38,9 +47,21 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35619"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint"
     }
   ],
   "database_specific": {
@@ -51,6 +72,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-30T18:41:15Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:04Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-m3mh-3mpg-37hw/GHSA-m3mh-3mpg-37hw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m3mh-3mpg-37hw",
-  "modified": "2026-04-10T17:20:47Z",
+  "modified": "2026-04-10T19:45:21Z",
   "published": "2026-03-30T18:52:09Z",
   "aliases": [
     "CVE-2026-35641"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -43,18 +47,27 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35641"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-349",
       "CWE-426"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-30T18:52:09Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:04Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-w6m8-cqvj-pg5v/GHSA-w6m8-cqvj-pg5v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w6m8-cqvj-pg5v",
-  "modified": "2026-04-10T17:28:43Z",
+  "modified": "2026-04-10T19:44:53Z",
   "published": "2026-03-30T18:32:03Z",
   "aliases": [
     "CVE-2026-35665"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -44,18 +48,27 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35665"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-400"
+      "CWE-400",
+      "CWE-405"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-30T18:32:03Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:08Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-wv46-v6xc-2qhf/GHSA-wv46-v6xc-2qhf.json

@@ -1,17 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wv46-v6xc-2qhf",
-  "modified": "2026-04-10T17:30:13Z",
+  "modified": "2026-04-10T19:46:22Z",
   "published": "2026-03-26T19:08:16Z",
   "aliases": [
     "CVE-2026-35670"
   ],
   "summary": "OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.",
   "details": "## Summary\nSynology Chat reply delivery could rebind to a mutable username match instead of the stable numeric user_id recorded by the webhook event.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `7ade3553b74ee3f461c4acd216653d5ba411f455`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/synology-chat/src/webhook-handler.ts now keeps replies bound to the stable webhook user identifier unless an explicit dangerous opt-in is enabled.\n- extensions/synology-chat/src/config-schema.ts contains the explicit dangerous opt-in seam instead of silent username rebinding.\n\nOpenClaw thanks @nexrin for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -40,23 +44,36 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-639",
-      "CWE-706"
+      "CWE-706",
+      "CWE-807"
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-26T19:08:16Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:09Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-2crg-3p73-43xp/GHSA-2crg-3p73-43xp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2crg-3p73-43xp",
-  "modified": "2026-04-10T17:24:31Z",
+  "modified": "2026-04-10T19:46:38Z",
   "published": "2026-04-10T17:24:31Z",
   "aliases": [
     "CVE-2026-40073"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40073"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95"
@@ -54,6 +58,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1"
     }
   ],
   "database_specific": {
@@ -63,6 +71,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-10T17:24:31Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-10T17:17:12Z"
   }
 }