Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN109
_____________________________________________________________________

DATE                : 03/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running clawdbot (npm) versions prior
                                    to 2026.1.29.

=====================================================================
https://github.com/openclaw/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v
https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
https://github.com/openclaw/openclaw/security/advisories/GHSA-q284-4pvr-m585
_____________________________________________________________________

Command Injection in Clawdbot Docker Execution via PATH Environment 
Variable

High
steipete published GHSA-mc68-q9jw-2h3v Jan 31, 2026

Package
clawdbot (npm)

Affected versions
<= 2026.1.24

Patched versions
v2026.1.29


Description

Summary

A command injection vulnerability existed in Clawdbot’s Docker sandbox 
execution mechanism due to unsafe handling of the PATH environment 
variable when constructing shell commands.

An authenticated user able to control environment variables could 
influence command execution within the container context.
This issue has been fixed and regression tests have been added to 
prevent reintroduction.


Impact

In environments where Docker sandbox mode was enabled, authenticated 
users capable of supplying environment variables could affect the 
behavior of commands executed inside the container.

This could lead to:

    Execution of unintended commands inside the container
    Access to the container filesystem and environment variables
    Exposure of sensitive data
    Increased risk in misconfigured or privileged container 
environments


Severity
High
8.8/ 10

CVSS v3 base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2026-24763

Weaknesses
Weakness CWE-78

Credits

    @berkdedekarginoglu berkdedekarginoglu Reporter


_____________________________________________________________________

1-Click RCE via Authentication Token Exfiltration From gatewayUrl
High
steipete published GHSA-g8p2-7wf7-98mq Jan 31, 2026

Package
clawdbot (npm)

Affected versions
<=v2026.1.28

Patched versions
v2026.1.29


Description

Summary

The Control UI trusts gatewayUrl from the query string without 
validation and auto-connects on load, sending the stored gateway token 
in the WebSocket connect payload.

Clicking a crafted link or visiting a malicious site can send the 
token to an attacker-controlled server. The attacker can then connect 
to the victim's local gateway, modify config (sandbox, tool policies), 
and invoke privileged actions, achieving 1-click RCE. This 
vulnerability is exploitable even on instances configured to listen on 
loopback only, since the victim's browser initiates the outbound 
connection.


Details

The root cause is the lack of validation for gatewayUrl combined with 
auto‑connect behavior on page load. With the change users now need to 
confirm the new gateway URL in the UI.


Impact

This is a token exfiltration vulnerability that leads to full gateway 
compromise. It impacts any Moltbot deployment where a user has 
authenticated to the Control UI. The attacker gains operator-level 
access to the gateway API, enabling arbitrary config changes and code 
execution on the gateway host. The attack works even when the gateway 
binds to loopback because the victim's browser acts as the bridge.


Severity
High
8.8/ 10

CVSS v3 base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE ID
No known CVE

Weaknesses
Weakness CWE-200

Credits

    @DepthFirstDisclosures DepthFirstDisclosures Reporter
    @0xacb 0xacb Finder
    @mavlevin mavlevin Finder


_____________________________________________________________________


OS Command Injection via Project Root Path in sshNodeCommand
High
mitsuhiko published GHSA-q284-4pvr-m585 Jan 31, 2026

Package
clawdbot/clawdbot

Affected versions
<v2026.1.29

Patched versions
v2026.1.29


Description

Two related vulnerabilities existed in the macOS application's SSH 
remote connection handling (CommandResolver.swift):


Details

The sshNodeCommand function constructed a shell script without 
properly escaping the user-supplied project path in an error message. 
When the cd command failed, the unescaped path was interpolated 
directly into an echo statement, allowing arbitrary command execution 
on the remote SSH host.

The parseSSHTarget function did not validate that SSH target strings 
could not begin with a dash. An attacker-supplied target like 
-oProxyCommand=... would be interpreted as an SSH configuration flag 
rather than a hostname, allowing arbitrary command execution on the 
local machine.


Impact

An attacker who can influence a user's remote connection settings (via 
social engineering or malicious configuration) could achieve arbitrary 
code execution on either the user's local machine or their configured 
remote SSH host, depending on which input vector is exploited.

Affected component: macOS menubar application (Remote/SSH mode only)

Not affected: CLI (npm install openclaw), web gateway, iOS/Android 
apps, or users running in Local mode.


Severity
High
7.8/ 10

CVSS v3 base metrics
Attack vector
Local
Attack complexity
High
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE ID
CVE-2026-25157

Weaknesses
No CWEs

Credits

    @koko9xxx koko9xxx Reporter


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================