| CVE-2026-28466 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass |
2026-03-05 |
| CVE-2026-43534 |
🟣 CRITICAL |
9.3 |
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events |
2026-05-05 |
| CVE-2026-32918 |
🟣 CRITICAL |
9.2 |
OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool |
2026-03-29 |
| CVE-2026-32917 |
🟣 CRITICAL |
9.2 |
OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP |
2026-03-31 |
| CVE-2026-43585 |
🟣 CRITICAL |
9.2 |
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation |
2026-05-06 |
| CVE-2026-44109 |
🟣 CRITICAL |
9.2 |
OpenClaw: Feishu webhook and card-action validation now fail closed |
2026-05-06 |
| CVE-2026-41386 |
🟣 CRITICAL |
9.1 |
OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes |
2026-04-28 |
| CVE-2026-43533 |
🔴 HIGH |
8.9 |
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags |
2026-05-05 |
| CVE-2026-25253 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl |
2026-02-01 |
| CVE-2026-24763 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable |
2026-02-02 |
| CVE-2026-32913 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects |
2026-03-23 |
| CVE-2026-41296 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile |
2026-04-20 |
| CVE-2026-28478 |
🔴 HIGH |
8.7 |
OpenClaw affected by denial of service via unbounded webhook request body buffering |
2026-03-05 |
| CVE-2026-32042 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication |
2026-03-21 |
| CVE-2026-32051 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access |
2026-03-21 |
| CVE-2026-33573 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters |
2026-03-29 |
| CVE-2026-41405 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsing |
2026-04-28 |
| CVE-2026-42434 |
🔴 HIGH |
8.7 |
OpenClaw: Sandboxed agents could escape exec routing via host=node override |
2026-05-05 |
| CVE-2026-43530 |
🔴 HIGH |
8.7 |
OpenClaw: busybox and toybox applet execution weakened exec approval binding |
2026-05-05 |
| CVE-2026-44115 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist |
2026-05-06 |
| CVE-2026-53814 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority |
2026-06-11 |
| CVE-2026-32920 |
🔴 HIGH |
8.6 |
OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins |
2026-03-31 |
| CVE-2026-33579 |
🔴 HIGH |
8.6 |
OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval |
2026-03-31 |
| CVE-2026-53823 |
🔴 HIGH |
8.6 |
OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom |
2026-06-12 |
| CVE-2026-44118 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header |
2026-05-06 |
| CVE-2026-44114 |
🔴 HIGH |
8.5 |
OpenClaw: Workspace dotenv could override runtime-control environment variables |
2026-05-06 |
| CVE-2026-45004 |
🔴 HIGH |
8.4 |
OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution |
2026-05-11 |
| CVE-2026-31998 |
🔴 HIGH |
8.3 |
OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds |
2026-03-19 |
| CVE-2026-35618 |
🔴 HIGH |
8.3 |
OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification |
2026-04-09 |
| CVE-2026-43526 |
🔴 HIGH |
8.3 |
OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes |
2026-05-05 |
| CVE-2026-28469 |
🔴 HIGH |
8.2 |
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting |
2026-03-05 |
| CVE-2026-29611 |
🔴 HIGH |
8.2 |
OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling |
2026-03-05 |
| CVE-2026-25157 |
🔴 HIGH |
7.8 |
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand |
2026-02-04 |
| CVE-2026-27002 |
🔴 HIGH |
7.7 |
OpenClaw: Docker container escape via unvalidated bind mount config injection |
2026-02-19 |
| CVE-2026-32048 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn |
2026-03-21 |
| CVE-2026-43569 |
🔴 HIGH |
7.7 |
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins |
2026-05-05 |
| CVE-2026-43571 |
🔴 HIGH |
7.7 |
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows |
2026-05-05 |
| CVE-2026-44110 |
🔴 HIGH |
7.7 |
OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries |
2026-05-06 |
| CVE-2026-53807 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom |
2026-06-11 |
| CVE-2026-41353 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection |
2026-04-23 |
| CVE-2026-43535 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches |
2026-05-05 |
| CVE-2026-26316 |
🔴 HIGH |
7.5 |
OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust |
2026-02-19 |
| CVE-2026-26324 |
🔴 HIGH |
7.5 |
OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) |
2026-02-19 |
| CVE-2026-22179 |
🔴 HIGH |
7.5 |
OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run |
2026-03-18 |
| CVE-2026-32025 |
🔴 HIGH |
7.5 |
OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass |
2026-03-19 |
| CVE-2026-28458 |
🔴 HIGH |
7.4 |
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access |
2026-03-05 |
| CVE-2026-34512 |
🔴 HIGH |
7.2 |
OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint |
2026-04-09 |
| CVE-2026-26317 |
🔴 HIGH |
7.1 |
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints |
2026-02-19 |
| CVE-2026-26327 |
🔴 HIGH |
7.1 |
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning |
2026-02-19 |
| CVE-2026-32008 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard |
2026-03-19 |
| CVE-2026-32976 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands |
2026-03-31 |
| CVE-2026-35644 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots |
2026-04-09 |
| CVE-2026-35636 |
🔴 HIGH |
7.1 |
OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution |
2026-04-09 |
| CVE-2026-41368 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.28 - Environment Variable Disclosure via jq $ENV Filter Bypass |
2026-04-27 |
| CVE-2026-41385 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass |
2026-04-28 |
| CVE-2026-42433 |
🔴 HIGH |
7.1 |
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools |
2026-05-05 |
| CVE-2026-43567 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter |
2026-05-05 |
| CVE-2026-43568 |
🔴 HIGH |
7.1 |
OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint |
2026-05-05 |
| CVE-2026-41380 |
🔴 HIGH |
7 |
OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables |
2026-04-28 |
| CVE-2026-43531 |
🔴 HIGH |
7 |
OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File |
2026-05-05 |
| CVE-2026-22178 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata |
2026-03-18 |
| CVE-2026-28480 |
🟡 MEDIUM |
6.9 |
OpenClaw Telegram allowlist authorization accepted mutable usernames |
2026-03-05 |
| CVE-2026-32975 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist |
2026-03-29 |
| CVE-2026-35626 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook |
2026-04-09 |
| CVE-2026-34426 |
🟡 MEDIUM |
6.9 |
OpenClaw - Approval Bypass via Environment Variable Normalization |
2026-04-02 |
| CVE-2026-35647 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices |
2026-04-10 |
| CVE-2026-41300 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding |
2026-04-20 |
| CVE-2026-41331 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription |
2026-04-20 |
| CVE-2026-35664 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks |
2026-04-10 |
| CVE-2026-41374 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization |
2026-04-28 |
| CVE-2026-41400 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call |
2026-04-28 |
| CVE-2026-44116 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation |
2026-05-06 |
| CVE-2026-53818 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback |
2026-06-11 |
| CVE-2026-29612 |
🟡 MEDIUM |
6.8 |
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding |
2026-03-05 |
| CVE-2026-26972 |
🟡 MEDIUM |
6.7 |
OpenClaw has a Path Traversal in Browser Download Functionality |
2026-02-19 |
| CVE-2026-28452 |
🟡 MEDIUM |
6.7 |
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) |
2026-03-05 |
| CVE-2026-26328 |
🟡 MEDIUM |
6.5 |
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities |
2026-02-19 |
| CVE-2026-28449 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression |
2026-03-19 |
| CVE-2026-35628 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting |
2026-04-09 |
| CVE-2026-35646 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.25 - Pre-Authentication Rate-Limit Bypass in Webhook Token Validation |
2026-04-09 |
| CVE-2026-35649 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist |
2026-04-10 |
| CVE-2026-35635 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat |
2026-04-09 |
| CVE-2026-41333 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken |
2026-04-23 |
| CVE-2026-41389 |
🟡 MEDIUM |
6.3 |
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files |
2026-04-20 |
| CVE-2026-41913 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts |
2026-04-28 |
| CVE-2026-43527 |
🟡 MEDIUM |
6.3 |
OpenClaw: Browser SSRF policy default allowed private-network navigation |
2026-05-05 |
| CVE-2026-44117 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload |
2026-05-06 |
| CVE-2026-44999 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events |
2026-05-11 |
| CVE-2026-45002 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping |
2026-05-11 |
| CVE-2026-35645 |
🟡 MEDIUM |
6.1 |
OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession |
2026-04-09 |
| CVE-2026-32039 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender |
2026-03-19 |
| CVE-2026-35622 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook |
2026-04-09 |
| CVE-2026-42429 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication |
2026-04-28 |
| CVE-2026-43570 |
🟡 MEDIUM |
6 |
OpenClaw contains a symlink traversal vulnerability |
2026-05-05 |
| CVE-2026-44112 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes |
2026-05-06 |
| CVE-2026-44113 |
🟡 MEDIUM |
6 |
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes |
2026-05-06 |
| CVE-2026-53830 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload |
2026-06-12 |
| CVE-2026-53838 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection |
2026-06-12 |
| CVE-2026-28481 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching |
2026-03-05 |
| CVE-2026-32054 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling |
2026-03-21 |
| CVE-2026-45005 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation |
2026-05-11 |
| CVE-2026-31999 |
🟡 MEDIUM |
5.8 |
OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback |
2026-03-19 |
| CVE-2026-32000 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution |
2026-03-19 |
| CVE-2026-31995 |
🟡 MEDIUM |
5.8 |
OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension |
2026-03-19 |
| CVE-2026-32988 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation |
2026-03-31 |
| CVE-2026-41332 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist |
2026-04-23 |
| CVE-2026-41360 |
🟡 MEDIUM |
5.4 |
OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding |
2026-04-23 |
| CVE-2026-44995 |
🟡 MEDIUM |
5.4 |
OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config |
2026-05-11 |
| CVE-2026-26326 |
🟡 MEDIUM |
5.3 |
OpenClaw skills.status could leak secrets to operator.read clients |
2026-02-19 |
| CVE-2026-32899 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers |
2026-03-21 |
| CVE-2026-41909 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions |
2026-04-23 |
| CVE-2026-35634 |
🟡 MEDIUM |
5.1 |
OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway |
2026-04-09 |
| CVE-2026-42436 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes |
2026-05-05 |
| CVE-2026-42439 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes |
2026-05-05 |
| CVE-2026-43532 |
🟡 MEDIUM |
4.9 |
OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image |
2026-05-05 |
| CVE-2026-42438 |
🟡 MEDIUM |
4.9 |
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure |
2026-05-05 |
| CVE-2026-43573 |
🟡 MEDIUM |
4.9 |
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement |
2026-05-05 |
| CVE-2026-43576 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL |
2026-05-06 |
| CVE-2026-43580 |
🟡 MEDIUM |
4.9 |
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage |
2026-05-06 |
| CVE-2026-43582 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass |
2026-05-06 |
| CVE-2026-27007 |
🟡 MEDIUM |
4.8 |
OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation |
2026-02-19 |
| CVE-2026-44992 |
🟡 MEDIUM |
4.1 |
OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv |
2026-05-11 |
| CVE-2026-45003 |
🟡 MEDIUM |
4.1 |
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts |
2026-05-11 |
| CVE-2026-32006 |
🟢 LOW |
2.3 |
OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist |
2026-03-19 |
| CVE-2026-34507 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks |
2026-05-29 |
| CVE-2026-35617 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName |
2026-04-09 |
| CVE-2026-35648 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions |
2026-04-10 |
| CVE-2026-41347 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints |
2026-04-23 |
| CVE-2026-41358 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context |
2026-04-23 |
| CVE-2026-41916 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload |
2026-04-28 |
| CVE-2026-41908 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route |
2026-04-23 |
| CVE-2026-44111 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get |
2026-05-06 |
| CVE-2026-44993 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions |
2026-05-11 |
| CVE-2026-44997 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions |
2026-05-11 |
| CVE-2026-44991 |
🟢 LOW |
2.3 |
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners |
2026-05-11 |
| CVE-2026-53826 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn |
2026-06-12 |
| CVE-2026-31991 |
🟢 LOW |
2 |
OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist |
2026-03-19 |
| CVE-2026-32058 |
🟢 LOW |
2 |
OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node |
2026-03-21 |