{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/dependency-vulnerability/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["sandbox-bypass","dependency-vulnerability","npm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e npm package contains a critical vulnerability in how heartbeat contexts are inherited. Improper handling of the \u003ccode\u003esenderIsOwner\u003c/code\u003e property during context inheritance lets a malicious actor bypass the intended sandbox restrictions. The flaw affects \u003ccode\u003eopenclaw\u003c/code\u003e versions up to and including 2026.3.28. It was reported by @AntAISecurityLab and patched in version 2026.3.31, released on March 31, 2026. 
Defenders need to make sure every \u003ccode\u003eopenclaw\u003c/code\u003e dependency in their applications is updated to the patched version or later.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA target application depends on a vulnerable \u003ccode\u003eopenclaw\u003c/code\u003e version (\u0026lt;=2026.3.28).\u003c/li\u003e\n\u003cli\u003eThe attacker, interacting with the application as a non-owner sender, triggers the heartbeat functionality of \u003ccode\u003eopenclaw\u003c/code\u003e, which establishes a context for the heartbeat run.\u003c/li\u003e\n\u003cli\u003eBecause \u003ccode\u003esenderIsOwner\u003c/code\u003e is handled improperly when the heartbeat context inherits from its parent context, the attacker's activity ends up carrying owner status.\u003c/li\u003e\n\u003cli\u003eThe inherited owner status bypasses the sandbox restrictions that should have applied to the attacker, escalating their privileges within the \u003ccode\u003eopenclaw\u003c/code\u003e sandbox environment.\u003c/li\u003e\n\u003cli\u003eWith the sandbox bypassed, the attacker can perform actions the sandbox was meant to block, potentially including arbitrary code execution within the application.\u003c/li\u003e\n\u003cli\u003eThose actions expose sensitive resources or data of the application using the \u003ccode\u003eopenclaw\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates the compromised data or uses the compromised application as a pivot point for further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation lets an attacker bypass the \u003ccode\u003eopenclaw\u003c/code\u003e sandbox, potentially leading to arbitrary code execution within applications that use the vulnerable package. The exact scope depends on what the sandbox protects in the hosting application, but the critical severity indicates significant potential for data breaches, service disruption, or lateral movement within the compromised environment. 
Because \u003ccode\u003eopenclaw\u003c/code\u003e is distributed through npm, a successful exploit can reach every application that pulls in a vulnerable version, directly or transitively.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eopenclaw\u003c/code\u003e npm package to version 2026.3.31 or later, which contains the fix, and confirm that no nested copy of a vulnerable version remains in the dependency tree.\u003c/li\u003e\n\u003cli\u003eDeploy detection rules for potential exploitation attempts, focusing on process creation and file events related to \u003ccode\u003eopenclaw\u003c/code\u003e, particularly activity that the sandbox should have blocked.\u003c/li\u003e\n\u003cli\u003eUse software composition analysis (SCA) tooling to automatically flag vulnerable dependencies such as \u003ccode\u003eopenclaw\u003c/code\u003e in your projects.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T20:59:29Z","date_published":"2026-04-02T20:59:29Z","id":"/briefs/2026-04-openclaw-sandbox-bypass/","summary":"A critical vulnerability in the openclaw npm package (\u003c=2026.3.28) allows a heartbeat context that inherits the senderIsOwner property to bypass the sandbox; patched in version 2026.3.31.","title":"OpenClaw Sandbox Bypass via Heartbeat Context Inheritance","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-sandbox-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["denial-of-service","pyasn","c2cciutils","dependency-vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe c2cciutils package, a CI utility, is susceptible to a denial-of-service (DoS) attack because of an uncontrolled recursion vulnerability (CWE-674) in its pyasn dependency. Versions of c2cciutils prior to 1.1.65 are affected. 
This vulnerability, identified as CVE-2026-30922, stems from a flaw in the pyasn library (see GHSA-jr27-m4p2-rc6r) which leads to excessive resource consumption when processing certain inputs. An attacker can exploit this flaw remotely with low complexity, no…\u003c/p\u003e\n","date_modified":"2026-03-26T22:27:55Z","date_published":"2026-03-26T22:27:55Z","id":"/briefs/2026-07-c2c-ci-utils-dos/","summary":"The c2cciutils package is vulnerable to denial of service due to an uncontrolled recursion vulnerability (CWE-674) in the pyasn dependency, specifically versions before 1.1.65.","title":"C2C CI utils Vulnerable to DoS via pyasn Dependency (CVE-2026-30922)","url":"https://feed.craftedsignal.io/briefs/2026-07-c2c-ci-utils-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Dependency-Vulnerability","version":"https://jsonfeed.org/version/1.1"}
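The openclaw brief above describes a trust flag (senderIsOwner) being mishandled when a heartbeat context inherits from its parent. The following is an added illustration of that flaw class and its fix, written for this page; it is not openclaw's code, and the context shape, the function names (createHeartbeatContextVulnerable, createHeartbeatContextHardened, mayRunUnsandboxed) and the owner/attacker identifiers are assumptions made for the example.

```javascript
// Added illustration (not openclaw's code): a minimal model of a trust flag
// leaking into a derived heartbeat context. Shape and names are assumptions.

// A message context as a sandboxed agent might carry it (hypothetical shape).
function makeMessageContext({ senderId, senderIsOwner, sandboxed }) {
  return { senderId, senderIsOwner, sandboxed };
}

// VULNERABLE pattern: the heartbeat context copies every field of the parent
// context, so a parent created for the owner keeps senderIsOwner=true even
// when the heartbeat is triggered on behalf of a non-owner sender.
function createHeartbeatContextVulnerable(parentCtx, triggerSenderId) {
  return { ...parentCtx, trigger: triggerSenderId, kind: "heartbeat" };
}

// HARDENED pattern: trust properties are never inherited. They are recomputed
// from the principal that actually triggered the heartbeat, and the sandbox
// defaults to on for anyone who is not an owner.
function createHeartbeatContextHardened(parentCtx, triggerSenderId, ownerIds) {
  const senderIsOwner = ownerIds.has(triggerSenderId);
  return {
    senderId: triggerSenderId,
    senderIsOwner,
    sandboxed: !senderIsOwner,
    trigger: triggerSenderId,
    kind: "heartbeat",
  };
}

// The gate a tool runner would consult before leaving the sandbox.
function mayRunUnsandboxed(ctx) {
  return ctx.senderIsOwner === true && ctx.sandboxed === false;
}

// Constructed scenario: the owner's earlier session context is the parent, and
// a non-owner ("attacker-9") triggers the heartbeat.
const OWNERS = new Set(["owner-1"]);
const ownerSession = makeMessageContext({
  senderId: "owner-1",
  senderIsOwner: true,
  sandboxed: false,
});

// Returns whether each pattern lets the non-owner escape the sandbox.
function demo() {
  const vuln = createHeartbeatContextVulnerable(ownerSession, "attacker-9");
  const fixed = createHeartbeatContextHardened(ownerSession, "attacker-9", OWNERS);
  return {
    vulnerableBypass: mayRunUnsandboxed(vuln), // true: owner flag inherited
    hardenedBypass: mayRunUnsandboxed(fixed),  // false: flag recomputed
  };
}

console.log(demo());
```

The general rule the hardened variant follows is that authorization-bearing fields (owner status, sandbox mode, role) are derived from the current principal at the point of use, never spread-copied from a parent or cached context; when auditing a dependency for this bug class, search for object spreads or shallow clones of a context that carries such fields.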