Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package openclaw, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2026-22172 — CVSS 9.9 (critical): OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token…
CVE-2026-28363 — CVSS 9.9 (critical): In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as…
CVE-2026-28466 — CVSS 9.9 (critical): OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in…
CVE-2026-41329 — CVSS 9.9 (critical): OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context…
CVE-2026-33579 — CVSS 9.9 (critical): OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller…
CVE-2026-28391 — CVSS 9.8 (critical): OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default…
CVE-2026-32038 — CVSS 9.8 (critical): OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another…
CVE-2026-27002 — CVSS 9.8 (critical): OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow…
CVE-2026-28470 — CVSS 9.8 (critical): OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to…
CVE-2026-44109 — CVSS 9.8 (critical): OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows…
CVE-2026-44112 — CVSS 9.6 (critical): OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers…
CVE-2026-32916 — CVSS 9.4 (critical): OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway…
CVE-2026-28446 — CVSS 9.4 (critical): OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in…
CVE-2026-32913 — CVSS 9.3 (critical): OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization…
CVE-2026-41386 — CVSS 9.1 (critical): OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles…
CVE-2026-43566 — CVSS 9.1 (critical): OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips…
CVE-2026-43534 — CVSS 9.1 (critical): OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system…
CVE-2026-42422 — CVSS 8.8 (high): OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved…
CVE-2026-35663 — CVSS 8.8 (high): OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during…
CVE-2026-32042 — CVSS 8.8 (high): OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass…
CVE-2026-26323 — CVSS 8.8 (high): OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script…
CVE-2026-41404 — CVSS 8.8 (high): OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows…
CVE-2026-32059 — CVSS 8.8 (high): OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option…
CVE-2026-32060 — CVSS 8.8 (high): OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files…
CVE-2026-53843 — CVSS 8.8 (high): OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish…
CVE-2026-43530 — CVSS 8.8 (high): OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution…
CVE-2026-41352 — CVSS 8.8 (high): OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate…
CVE-2026-43569 — CVSS 8.8 (high): OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during…
CVE-2026-43571 — CVSS 8.8 (high): OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace…
CVE-2026-29610 — CVSS 8.8 (high): OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by…
CVE-2026-41303 — CVSS 8.8 (high): OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to…
CVE-2026-32013 — CVSS 8.8 (high): OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that…
CVE-2026-42435 — CVSS 8.8 (high): OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to…
CVE-2026-42434 — CVSS 8.8 (high): OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by…
CVE-2026-43584 — CVSS 8.8 (high): OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows…
CVE-2026-41378 — CVSS 8.8 (high): OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent…
CVE-2026-35669 — CVSS 8.8 (high): OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint…
CVE-2026-42426 — CVSS 8.8 (high): OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope…
CVE-2026-35639 — CVSS 8.8 (high): OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing…
CVE-2026-35666 — CVSS 8.8 (high): OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers…
CVE-2026-35643 — CVSS 8.8 (high): OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary…
CVE-2026-43533 — CVSS 8.6 (high): OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local…
CVE-2026-31998 — CVSS 8.6 (high): OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy…
CVE-2026-41294 — CVSS 8.6 (high): OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment…
CVE-2026-32974 — CVSS 8.6 (high): OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured…
CVE-2026-44116 — CVSS 8.6 (high): OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to…
CVE-2026-42439 — CVSS 8.5 (high): OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close…
CVE-2026-41914 — CVSS 8.5 (high): OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection…
CVE-2026-33572 — CVSS 8.4 (high): OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read…
CVE-2026-32920 — CVSS 8.4 (high): OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification…
CVE-2026-28463 — CVSS 8.4 (high): OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks…
CVE-2026-25593 — CVSS 8.4 (high): OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write…
CVE-2026-32918 — CVSS 8.4 (high): OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to…
CVE-2026-28451 — CVSS 8.3 (high): OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to…
CVE-2026-34504 — CVSS 8.3 (high): OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component…
CVE-2026-28476 — CVSS 8.3 (high): OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts…
CVE-2026-53853 — CVSS 8.3 (high): OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed…
CVE-2026-43526 — CVSS 8.2 (high): OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to…
CVE-2026-22171 — CVSS 8.2 (high): OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys…
CVE-2026-41394 — CVSS 8.2 (high): OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator…
CVE-2026-41296 — CVSS 8.2 (high): OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows…
CVE-2026-28447 — CVSS 8.1 (high): OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious…
CVE-2026-32302 — CVSS 8.1 (high): OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when…
CVE-2026-53866 — CVSS 8.1 (high): OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to…
CVE-2026-41383 — CVSS 8.1 (high): OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote…
CVE-2026-53849 — CVSS 8.1 (high): OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account…
CVE-2026-53864 — CVSS 8.1 (high): OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control…
CVE-2026-53855 — CVSS 8.1 (high): OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks…
CVE-2026-53857 — CVSS 8.1 (high): OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match…
CVE-2026-35653 — CVSS 8.1 (high): OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated…
CVE-2026-28458 — CVSS 8.1 (high): OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp…
CVE-2026-35660 — CVSS 8.1 (high): OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers…
CVE-2026-35645 — CVSS 8.1 (high): OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that…
CVE-2026-43585 — CVSS 8.1 (high): OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef…
CVE-2026-32034 — CVSS 8.1 (high): OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly…
CVE-2026-28472 — CVSS 8.1 (high): OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device…
CVE-2026-28473 — CVSS 8.1 (high): OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or…
CVE-2026-42431 — CVSS 8.1 (high): OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser…
CVE-2026-34503 — CVSS 8.1 (high): OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with…
CVE-2026-41364 — CVSS 8.1 (high): OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write…
CVE-2026-33577 — CVSS 8.1 (high): OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows…
CVE-2026-32978 — CVSS 8.0 (high): OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for…
CVE-2026-32014 — CVSS 8.0 (high): OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are…
CVE-2026-44114 — CVSS 7.8 (high): OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing…
CVE-2026-32032 — CVSS 7.8 (high): OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the…
CVE-2026-41396 — CVSS 7.8 (high): OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising…
CVE-2026-44118 — CVSS 7.8 (high): OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner…
CVE-2026-42432 — CVSS 7.8 (high): OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable…
CVE-2026-41387 — CVSS 7.8 (high): OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and…
CVE-2026-32016 — CVSS 7.8 (high): OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that…
CVE-2026-32015 — CVSS 7.8 (high): OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to…
CVE-2026-27001 — CVSS 7.8 (high): OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the…
CVE-2026-35641 — CVSS 7.8 (high): OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to…
CVE-2026-45004 — CVSS 7.8 (high): OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js…
CVE-2026-41336 — CVSS 7.8 (high): OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of…
CVE-2026-41384 — CVSS 7.8 (high): OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to…
CVE-2026-41295 — CVSS 7.8 (high): OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during…
CVE-2026-43580 — CVSS 7.7 (high): OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without…
CVE-2026-32064 — CVSS 7.7 (high): OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions…
CVE-2026-43527 — CVSS 7.7 (high): OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network…
CVE-2026-43532 — CVSS 7.7 (high): OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers…
CVE-2026-28393 — CVSS 7.7 (high): OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows…
CVE-2026-44113 — CVSS 7.7 (high): OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to…
CVE-2026-42438 — CVSS 7.7 (high): OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper…
CVE-2026-42436 — CVSS 7.7 (high): OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to…
CVE-2026-43576 — CVSS 7.7 (high): OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows…
CVE-2026-43573 — CVSS 7.7 (high): OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction…
CVE-2026-28468 — CVSS 7.7 (high): OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts…
CVE-2026-35668 — CVSS 7.7 (high): OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files…
CVE-2026-22181 — CVSS 7.6 (high): OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to…
CVE-2026-34426 — CVSS 7.6 (high): OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization…
CVE-2026-41302 — CVSS 7.6 (high): OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows…
CVE-2026-41297 — CVSS 7.6 (high): OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows…
CVE-2026-27487 — CVSS 7.6 (high): OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path…
CVE-2026-26322 — CVSS 7.6 (high): OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without…
CVE-2026-41912 — CVSS 7.6 (high): OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations…
CVE-2026-32055 — CVSS 7.6 (high): OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write…
CVE-2026-28453 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write…
CVE-2026-26324 — CVSS 7.5 (high): OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped…
CVE-2026-42437 — CVSS 7.5 (high): OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that…
CVE-2026-32030 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary…
CVE-2026-32011 — CVSS 7.5 (high): OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that…
CVE-2026-28469 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account…
CVE-2026-26321 — CVSS 7.5 (high): OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to…
CVE-2026-29609 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire…
CVE-2026-28462 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for…
CVE-2026-28461 — CVSS 7.5 (high): OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows…
CVE-2026-42423 — CVSS 7.5 (high): OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on…
CVE-2026-25474 — CVSS 7.5 (high): OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram…
CVE-2026-28454 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated…
CVE-2026-35650 — CVSS 7.5 (high): OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host…
CVE-2026-41405 — CVSS 7.5 (high): OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to…
CVE-2026-32048 — CVSS 7.5 (high): OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed…
CVE-2026-32049 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across…
CVE-2026-41399 — CVSS 7.5 (high): OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation…
CVE-2026-32056 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function…
CVE-2026-32062 — CVSS 7.5 (high): OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including…
CVE-2026-41395 — CVSS 7.5 (high): OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for…
CVE-2026-28392 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly…
CVE-2026-32846 — CVSS 7.5 (high): OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by…
CVE-2026-26316 — CVSS 7.5 (high): OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as…
CVE-2026-32980 — CVSS 7.5 (high): OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header…
CVE-2026-29611 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled)…
CVE-2026-32025 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to…
CVE-2026-26319 — CVSS 7.5 (high): OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to…
CVE-2026-28479 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which…
CVE-2026-28478 — CVSS 7.5 (high): OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without…
CVE-2026-35629 — CVSS 7.4 (high): OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard…
CVE-2026-31989 — CVSS 7.4 (high): OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that…
CVE-2026-32019 — CVSS 7.4 (high): OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing…
CVE-2026-41342 — CVSS 7.3 (high): OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated…
CVE-2026-27488 — CVSS 7.3 (high): OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch()…
CVE-2026-44995 — CVSS 7.3 (high): OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows…
CVE-2026-28448 — CVSS 7.3 (high): OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it…
CVE-2026-32979 — CVSS 7.3 (high): OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying…
CVE-2026-43531 — CVSS 7.3 (high): OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set…
CVE-2026-41380 — CVSS 7.3 (high): OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence…
CVE-2026-35637 — CVSS 7.3 (high): OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content…
CVE-2026-41390 — CVSS 7.3 (high): OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script…
CVE-2026-41355 — CVSS 7.3 (high): OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into…
CVE-2026-22179 — CVSS 7.2 (high): OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers…
CVE-2026-28456 — CVSS 7.2 (high): OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured…
CVE-2026-26325 — CVSS 7.2 (high): OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and `command[]` in the node host…
CVE-2026-31994 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to…
CVE-2026-31992 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators…
CVE-2026-32017 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write…
CVE-2026-28482 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without…
CVE-2026-26317 — CVSS 7.1 (high): OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests…
CVE-2026-32023 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent…
CVE-2026-53863 — CVSS 7.1 (high): OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs…
CVE-2026-28477 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows…
CVE-2026-42429 — CVSS 7.1 (high): OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates…
CVE-2026-42428 — CVSS 7.1 (high): OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or…
CVE-2026-41347 — CVSS 7.1 (high): OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing…
CVE-2026-28460 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute…
CVE-2026-28459 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write…
CVE-2026-22175 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be…
CVE-2026-32057 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that…
CVE-2026-32063 — CVSS 7.1 (high): OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where…
CVE-2026-27566 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and…
CVE-2026-53865 — CVSS 7.1 (high): OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths…
CVE-2026-53840 — CVSS 7.1 (high): OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured…
CVE-2026-53842 — CVSS 7.1 (high): OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime…
CVE-2026-53846 — CVSS 7.1 (high): OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the…
CVE-2026-41379 — CVSS 7.1 (high): OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access…
CVE-2026-32971 — CVSS 7.1 (high): OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell…
CVE-2026-35632 — CVSS 7.1 (high): OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on…
CVE-2026-41299 — CVSS 7.1 (high): OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields…
CVE-2026-53858 — CVSS 7.1 (high): OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence…
CVE-2026-41359 — CVSS 7.1 (high): OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access…
CVE-2026-32000 — CVSS 7.1 (high): OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows…
CVE-2026-32041 — CVSS 6.9 (medium): OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes…
CVE-2026-29607 — CVSS 6.8 (medium): OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows…
CVE-2026-43535 — CVSS 6.8 (medium): OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from…
CVE-2026-28450 — CVSS 6.8 (medium): OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:ac…
CVE-2026-41397 — CVSS 6.8 (medium): OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink…
CVE-2026-32007 — CVSS 6.8 (medium): OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental apply_patch tool that allows attackers with…
CVE-2026-32005 — CVSS 6.8 (medium): OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action…
CVE-2026-22174 — CVSS 6.8 (medium): OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces…
CVE-2026-41392 — CVSS 6.7 (medium): OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file…