GHSA-fjm8-mgc9-mf65: Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and agent configurations.
References
- github.com/advisories/GHSA-fjm8-mgc9-mf65
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3
- github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w
- nvd.nist.gov/vuln/detail/CVE-2026-41335
- www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json