{"data":{"id":"41adc4ad-9b30-4227-869f-9155e1c1202f","title":"Six flaws found hiding in OpenClaw’s plumbing","summary":"Security researchers at Endor Labs found six high- to critical-severity vulnerabilities in OpenClaw, an open-source AI agent framework (a platform combining large language models with tools and external integrations). The flaws include SSRF (server-side request forgery, where attackers trick a server into making unintended requests), missing webhook authentication, authentication bypasses, and path traversal (crafted file paths that reach files outside the intended directories), all confirmed with working proof-of-concept exploits. OpenClaw has already published patches and security advisories addressing these issues.","solution":"OpenClaw has published patches and security advisories for the issues; affected deployments should be updated to a patched release per those advisories. The disclosure noted that fixes were implemented across the affected components.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4134540/six-flaws-found-hiding-in-openclaws-plumbing.html","publishedAt":"2026-02-19T12:14:23.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["OpenClaw","Endor Labs"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}