Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package clawdbot, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2026-25253 — CVSS 8.8 (high): OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket…
CVE-2026-24763 — CVSS 8.8 (high): OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability…
CVE-2026-25157 — CVSS 7.7 (high): OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path…
CVE-2026-28469 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account…
CVE-2026-28478 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without…
CVE-2026-26317 — CVSS 7.1 (high): OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests…
CVE-2026-26328 — CVSS 6.5 (medium): OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be…
CVE-2026-28480 — CVSS 6.5 (medium): OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable…
CVE-2026-29612 — CVSS 5.5 (medium): OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing…
CVE-2026-28452 — CVSS 5.5 (medium): OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts…