AI Security Threat Feed

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

OpenClaw: Browser tabs action select and close routes bypassed SSRF policy

OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

OpenClaw: Browser SSRF policy default allowed private-network navigation

OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

OpenClaw: Discord event cover images bypassed sandbox media normalization

OpenClaw: Empty approver lists could grant explicit approval authorization

OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input

OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

OpenClaw: Memory dreaming config persistence was reachable from operator.write commands

OpenClaw: Heartbeat owner downgrade missed local async exec completion events