{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsmechanismen zu umgehen, erhöhte Berechtigungen zu erlangen, Informationen offenzulegen, Konfigurationen zu manipulieren, beliebige Befehle oder Code auszuführen sowie interne Systeme über SSRF anzugreifen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1738 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1738.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1738 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1738" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-24vr-rprv-67rf vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-24vr-rprv-67rf" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-2hfg-4fh4-qp7f vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hfg-4fh4-qp7f" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-2j8v-hwgc-x698 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-2j8v-hwgc-x698" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3c6j-hq33-3jv4 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6j-hq33-3jv4" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3wqp-prf6-2m72 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-3wqp-prf6-2m72" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-4hpg-mp64-x7xq vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hpg-mp64-x7xq" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-4m3v-q747-pc6h vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-4m3v-q747-pc6h" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5cj2-3jr2-5h77 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-5cj2-3jr2-5h77" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-68xw-r643-9p5w vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6c4r-g249-wv3c vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6fvr-66p3-3qj4 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-72fw-cqh5-f324 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-72fw-cqh5-f324" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-77pv-3w4q-vrj5 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-77pv-3w4q-vrj5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-77q5-rr5v-x43q vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-77q5-rr5v-x43q" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-7hxm-f538-3xp6 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-7hxm-f538-3xp6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-83w9-h5wv-j9xm vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-8c59-hr4w-qg69 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-8c59-hr4w-qg69" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-8j37-5w68-wj2g vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-8j37-5w68-wj2g" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-8mg9-j9cf-54cj vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mg9-j9cf-54cj" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-8wg3-5mcm-fjq8 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-8wg3-5mcm-fjq8" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-985f-72mj-8gf7 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-9v8j-9c9g-w66c vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c226-q6fx-6j6c vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-c226-q6fx-6j6c" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c29c-2q9c-pc86 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-c29c-2q9c-pc86" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-ccwh-wwpp-6wg5 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-ccwh-wwpp-6wg5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-chr9-m4q2-76hw vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-chr9-m4q2-76hw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cqwv-9qjx-vxw2 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cw4q-gqg5-g38h vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-cw4q-gqg5-g38h" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-cwpp-5962-q4f6 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwpp-5962-q4f6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-f397-5vjw-v2c2 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-f397-5vjw-v2c2" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-fcvx-5cxc-v5p8 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-fq9j-vw4w-fr6v vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-fq9j-vw4w-fr6v" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-gp79-m99v-gjmh vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmh" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-grc3-2j34-p6gm vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-grc3-2j34-p6gm" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-gxg4-2rrr-jhc7 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-gxg4-2rrr-jhc7" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-hcm3-8f6r-6xwg vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-hcm3-8f6r-6xwg" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-hw9r-h9mr-4jff vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-hw9r-h9mr-4jff" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-jvm4-4j77-39p6 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-jvm4-4j77-39p6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-mgq6-vr84-7m2j vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-mgq6-vr84-7m2j" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-mhq8-78pj-5j79 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhq8-78pj-5j79" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-mpc8-jxjh-qpgh vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-mpc8-jxjh-qpgh" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-p2fh-f5fc-44hr vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-p2fh-f5fc-44hr" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-p39j-x9h5-q66m vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-p39j-x9h5-q66m" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-p73f-w79w-jqr5 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-p73f-w79w-jqr5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-q7q8-3mgw-q67r vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-q7q8-3mgw-q67r" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-q99w-vh6v-q3v7 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-q99w-vh6v-q3v7" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-qh2f-99mv-mrcf vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-qh2f-99mv-mrcf" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-qjpc-qf9m-xwmr vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-qjpc-qf9m-xwmr" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rggc-m335-3wvj vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-rggc-m335-3wvj" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rj6p-xmxr-qj4h vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj6p-xmxr-qj4h" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rjxq-qqhf-8hwh vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-rjxq-qqhf-8hwh" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rwp6-7w3q-75fq vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-rwp6-7w3q-75fq" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-rx78-29qr-5hq8 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx78-29qr-5hq8" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v2ww-5rh7-2h5v vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2ww-5rh7-2h5v" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v6r2-jh58-xx6w vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v8cx-933x-r976 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8cx-933x-r976" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-vxx3-6hc9-7cc3 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-vxx3-6hc9-7cc3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-w4v6-g3wm-w36c vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-w4v6-g3wm-w36c" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-w5ww-7chg-mxcq vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-w5ww-7chg-mxcq" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-w9hf-3pp7-pvxv vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9hf-3pp7-pvxv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-wc84-j36w-pw4x vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-wv26-j37q-2g7p vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv26-j37q-2g7p" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-x629-46cc-7xgw vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-xww8-gqvh-92x9 vom 2026-05-28", "url" : "https://github.com/openclaw/openclaw/security/advisories/GHSA-xww8-gqvh-92x9" } ], "source_lang" : "en-US", "title" : "OpenClaw: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-05-31T22:00:00.000+00:00", "generator" : { "date" : "2026-06-01T06:37:38.714+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1738", "initial_release_date" : "2026-05-28T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-28T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-31T22:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: CVE-2026-35673, GHSA-7339-549C-W53J, CVE-2026-32906, EUVD-2026-33333, CVE-2026-34507, EUVD-2026-33334, CVE-2026-35630, EUVD-2026-33335, CVE-2026-35674, GHSA-9WCX-Q3FH-QG43, EUVD-2026-33337, EUVD-2026-33336" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Open Source OpenClaw", "product" : { "name" : "Open Source OpenClaw", "product_id" : "T051276", "product_identification_helper" : { "cpe" : "cpe:/a:openclaw:openclaw:-" } } } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-32906", "product_status" : { "known_affected" : [ "T051276" ] }, "release_date" : "2026-05-28T22:00:00.000+00:00", "title" : "CVE-2026-32906" }, { "cve" : "CVE-2026-34507", "product_status" : { "known_affected" : [ "T051276" ] }, "release_date" : "2026-05-28T22:00:00.000+00:00", "title" : "CVE-2026-34507" }, { "cve" : "CVE-2026-35630", "product_status" : { "known_affected" : [ "T051276" ] }, "release_date" : "2026-05-28T22:00:00.000+00:00", "title" : "CVE-2026-35630" }, { "cve" : "CVE-2026-35673", "product_status" : { "known_affected" : [ "T051276" ] }, "release_date" : "2026-05-28T22:00:00.000+00:00", "title" : "CVE-2026-35673" }, { "cve" : "CVE-2026-35674", "product_status" : { "known_affected" : [ "T051276" ] }, "release_date" : "2026-05-28T22:00:00.000+00:00", "title" : "CVE-2026-35674" } ] }