Detections
Analytics
OpenClaw < 2026.2.14 Multiple Vulnerabilities
high Nessus Plugin ID 299797
Language:
Synopsis
The remote host is affected by multiple vulnerabilities.Description
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.14. It is, therefore, affected by multiple vulnerabilities, including:- A command injection in the maintainer clawtributors updater script allowed arbitrary command execution via crafted git commit author metadata. (CVE-2026-26323)
- The Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, enabling SSRF via outbound WebSocket connections to user-specified targets. (CVE-2026-26322)
- The optional Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey is not configured, allowing unauthenticated callers to forge Telnyx events. (CVE-2026-26319)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to OpenClaw version 2026.2.14 or later.See Also
http://www.nessus.org/u?9106bf7b
http://www.nessus.org/u?0a184f5a
http://www.nessus.org/u?cdff3532
http://www.nessus.org/u?184f68ea
http://www.nessus.org/u?df2f3c24
http://www.nessus.org/u?39e78417
http://www.nessus.org/u?2bc58efb
http://www.nessus.org/u?61f99f40
http://www.nessus.org/u?490db7bc
Plugin Details
Severity: High
ID: 299797
File Name: openclaw_2026_2_14.nasl
Version: 1.3
Type: combined
Agent: windows, macosx, unix
Family: Artificial Intelligence
Published: 2/23/2026
Updated: 2/27/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-26323
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.6
Threat Score: 6.2
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:openclaw:openclaw
Required KB Items: installed_sw/OpenClaw
Exploit Ease: No known exploits are available
Patch Publication Date: 2/15/2026
Vulnerability Publication Date: 2/15/2026
Reference Information
CVE: CVE-2026-26317, CVE-2026-26319, CVE-2026-26321, CVE-2026-26322, CVE-2026-26323, CVE-2026-26324, CVE-2026-26325, CVE-2026-26326, CVE-2026-26327, CVE-2026-26328, CVE-2026-26329