ASR AI Security Radar
Recent AI Security Incidents

This archive includes all published incident pages. Page 12 of 18.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: OpenClaw has a LFI in BlueBubbles media path handling (GHSA-rwj8-p9vq-25gv)

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments.

AI security incident: OpenClaw inter-session prompts could be treated as direct user instructions (GHSA-w5c...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: Inter-session messages sent via sessions_send could be interpreted as direct end-user instructions because they were persisted as role: "user" without provenance metadata.

AI security incident: Libredesk has a SSRF Vulnerability in Webhooks (GHSA-wgm6-9rvv-3438)

Incident date: February 18, 2026 | Published: February 25, 2026

Date: 2025-12-07 | Vulnerability: Server-Side Request Forgery (SSRF) | Component: Webhooks Module

Executive Summary: A critical security vulnerability exists in the LibreDesk Webhooks module that allows an authenticated...

AI security incident: OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH...

Incident date: February 18, 2026 | Published: February 25, 2026

Command hijacking via PATH handling | Discovered: 2026-02-04 | Reporter: @akhmittra

Summary: OpenClaw previously accepted untrusted PATH sources in limited situations.

AI security incident: OpenClaw affected by denial of service via unbounded webhook request body buffering (...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability.

AI security incident: OpenClaw affected by denial of service through unguarded archive extraction allowing...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: Archive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows.

Affected Packages / Versions: openclaw (npm): <= 2026.2.

AI security incident: OpenClaw: denial of service through large base64 media files allocating large buffers...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: Base64-backed media inputs could be decoded into Buffers before enforcing decoded-size budgets. An attacker supplying oversized base64 payloads can force large allocations, causing memory pressure and denial of service.

AI security incident: OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expan...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only (no positional file arguments) when running tools.exec.host=gateway|node with security=allowlist.

AI security incident: OpenClaw has a command injection in maintainer clawtributors updater (GHSA-m7x8-2w3w-...

Incident date: February 18, 2026 | Published: February 25, 2026

Summary: Command injection in the maintainer/dev script scripts/update-clawtributors.ts.

Impact: Affects contributors/maintainers (or CI) who run bun scripts/update-clawtributors.

AI security incident: OpenClaw Google Chat spoofing access with allowlist authorized mutable email principa...

Incident date: February 17, 2026 | Published: February 25, 2026

Summary: Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name (users/). This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals.
