Endor Labs — Six OpenClaw vulnerabilities via AI SAST
AI relevance: OpenClaw is an agent runtime; these CVEs hit the tool/webhook paths that let LLM-driven agents reach internal services and trigger side effects.
- Endor Labs released technical details on six patched OpenClaw vulnerabilities found via agentic data-flow analysis (AI SAST).
- The issues include SSRF in the Gateway tool (CVE-2026-26322 / GHSA-g6q9-8fvw-f7rf) where user-controlled gateway URLs reach WebSocket connections.
- A missing Telnyx webhook authentication bug (CVE-2026-26319 / GHSA-4hg8-92x6-h2f3) enables forged webhook calls.
- Endor Labs reports path traversal in browser upload (CVE-2026-26329 / GHSA-cv7m-c9jx-vg7q) with high severity.
- Two additional SSRF-class bugs were found in image tool fetching (GHSA-56f2-hvwg-5743) and Urbit authentication (GHSA-pg2v-8xwh-qhcc).
- A Twilio webhook authentication bypass (GHSA-c37p-4qqg-3p76) rounds out the six disclosed issues.
- Endor Labs argues traditional SAST misses these flows because LLM-to-tool data paths span multiple layers and require context tracking.
Why it matters
- Agent frameworks expose multiple network and webhook surfaces; SSRF and auth bypass in these layers can turn a single prompt into internal network reach.
- The fixes show that tool parameter validation and webhook authentication are now core agent security requirements, not optional hardening.
- AI SAST-style data-flow analysis is emerging as a practical way to find agent-specific vulnerabilities before release.
What to do
- Patch OpenClaw immediately: upgrade to the versions containing the six fixes referenced in the advisories.
- Lock down tool inputs: allowlist gateway and fetch targets; block RFC1918/metadata endpoints where possible.
- Authenticate webhooks: enforce signature validation for Telnyx/Twilio integrations and rotate secrets.
- Audit LLM-to-tool flows: ensure data-flow validation exists across every layer where agent inputs touch network calls or file paths.