Hi GitHub Security Team,
I am the original security researcher who reported the vulnerability documented in GHSA-9c3v-684m-579c.
Advisory Link: GHSA-9c3v-684m-579c
The vendor (OpenClaw) has officially accepted the vulnerability, patched it (version < 2026.6.5), and published this repository-level advisory today. However, they did not request a CVE ID during the publication process.
Since this is a publicly disclosed, confirmed architectural security flaw affecting the npm ecosystem, I am requesting that the GitHub CNA team review this advisory, promote it to the Global Advisory Database, and assign an official CVE ID so that it can be properly tracked by the community and downstream enterprise users.
Thank you!