Security Vulnerabilities
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to logs and error surfaces.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-31
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
CVSS Score
9.4
EPSS Score
0.001
Published
2026-03-31
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.
CVSS Score
9.8
EPSS Score
0.006
Published
2026-03-31
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-03-31
OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.
CVSS Score
6.3
EPSS Score
0.001
Published
2026-03-31
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server
v0.104. This vulnerability allows an attacker to execute JavaScript code
in the victim's browser by sending him/her a malicious URL. This
vulnerability can be exploited to steal sensitive user data, such as
session cookies, or to perform actions on behalf of the user. It affects
'port' and 'proxyPort' parameters in '/anon.php' endpoint.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-31
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects
'host' parameter in '/diagconnect.php'
endpoint.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-31
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
It affects 'host' parameter in '/diagdns.php' endpoint.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-31
Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseƱa' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information entered by the user in the username field. As a result, arbitrary JavaScript code is automatically executed in the administrator's browser when viewing failed login entries, resulting in a blind XSS condition.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-31
Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicious JavaScript payloads to be persistently stored in the database. When other users view the imported passwords, the payload is automatically executed in their browsers, resulting in a stored XSS condition at the endpoint 'redacted/index.php?page=items'. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code in the context of multiple users and the administrator, which can lead to session hijacking, credential theft, privilege abuse, and compromise of application integrity.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-31