| CVE-2026-22172 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections |
2026-03-20 |
| CVE-2026-32922 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate |
2026-03-29 |
| CVE-2026-28446 |
🟣 CRITICAL |
9.2 |
OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching |
2026-03-05 |
| CVE-2026-32916 |
🟣 CRITICAL |
9.2 |
OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes |
2026-03-31 |
| CVE-2026-43585 |
🟣 CRITICAL |
9.2 |
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation |
2026-05-06 |
| CVE-2026-44109 |
🟣 CRITICAL |
9.2 |
OpenClaw: Feishu webhook and card-action validation now fail closed |
2026-05-06 |
| CVE-2026-43533 |
🔴 HIGH |
8.9 |
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags |
2026-05-05 |
| CVE-2026-25253 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl |
2026-02-01 |
| CVE-2026-24763 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable |
2026-02-02 |
| CVE-2026-32913 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects |
2026-03-23 |
| CVE-2026-41394 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes |
2026-04-28 |
| CVE-2026-28478 |
🔴 HIGH |
8.7 |
OpenClaw affected by denial of service via unbounded webhook request body buffering |
2026-03-05 |
| CVE-2026-29609 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch |
2026-03-05 |
| CVE-2026-32059 |
🔴 HIGH |
8.7 |
OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins |
2026-03-11 |
| CVE-2026-32914 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints |
2026-03-29 |
| CVE-2026-41405 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsing |
2026-04-28 |
| CVE-2026-42435 |
🔴 HIGH |
8.7 |
OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection |
2026-05-05 |
| CVE-2026-42434 |
🔴 HIGH |
8.7 |
OpenClaw: Sandboxed agents could escape exec routing via host=node override |
2026-05-05 |
| CVE-2026-43530 |
🔴 HIGH |
8.7 |
OpenClaw: busybox and toybox applet execution weakened exec approval binding |
2026-05-05 |
| CVE-2026-35643 |
🔴 HIGH |
8.6 |
OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterface |
2026-04-10 |
| CVE-2026-32064 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer |
2026-03-21 |
| CVE-2026-41384 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend |
2026-04-28 |
| CVE-2026-41387 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization |
2026-04-28 |
| CVE-2026-44114 |
🔴 HIGH |
8.5 |
OpenClaw: Workspace dotenv could override runtime-control environment variables |
2026-05-06 |
| CVE-2026-44118 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header |
2026-05-06 |
| CVE-2026-35641 |
🔴 HIGH |
8.4 |
OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation |
2026-04-10 |
| CVE-2026-45004 |
🔴 HIGH |
8.4 |
OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution |
2026-05-11 |
| CVE-2026-32036 |
🔴 HIGH |
8.3 |
OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels |
2026-03-19 |
| CVE-2026-35618 |
🔴 HIGH |
8.3 |
OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification |
2026-04-09 |
| CVE-2026-43526 |
🔴 HIGH |
8.3 |
OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes |
2026-05-05 |
| CVE-2026-28469 |
🔴 HIGH |
8.2 |
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting |
2026-03-05 |
| CVE-2026-32030 |
🔴 HIGH |
8.2 |
OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal |
2026-03-19 |
| CVE-2026-28465 |
🔴 HIGH |
8.2 |
OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers |
2026-03-05 |
| CVE-2026-41395 |
🔴 HIGH |
8.2 |
OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3 |
2026-04-28 |
| CVE-2026-42437 |
🔴 HIGH |
8.2 |
OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path |
2026-05-05 |
| CVE-2026-25157 |
🔴 HIGH |
7.8 |
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand |
2026-02-04 |
| CVE-2026-41352 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass |
2026-04-23 |
| CVE-2026-41404 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication |
2026-04-28 |
| CVE-2026-43569 |
🔴 HIGH |
7.7 |
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins |
2026-05-05 |
| CVE-2026-44110 |
🔴 HIGH |
7.7 |
OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries |
2026-05-06 |
| CVE-2026-43571 |
🔴 HIGH |
7.7 |
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows |
2026-05-05 |
| CVE-2026-32007 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass |
2026-03-19 |
| CVE-2026-43535 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches |
2026-05-05 |
| CVE-2026-25474 |
🔴 HIGH |
7.5 |
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass |
2026-02-19 |
| CVE-2026-26321 |
🔴 HIGH |
7.5 |
OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension |
2026-02-19 |
| CVE-2026-28458 |
🔴 HIGH |
7.4 |
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access |
2026-03-05 |
| CVE-2026-41342 |
🔴 HIGH |
7.4 |
OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding |
2026-04-23 |
| CVE-2026-32015 |
🔴 HIGH |
7.3 |
OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation |
2026-03-19 |
| CVE-2026-42432 |
🔴 HIGH |
7.3 |
OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass |
2026-04-28 |
| CVE-2026-35660 |
🔴 HIGH |
7.2 |
OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset |
2026-04-10 |
| CVE-2026-26317 |
🔴 HIGH |
7.1 |
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints |
2026-02-19 |
| CVE-2026-26329 |
🔴 HIGH |
7.1 |
OpenClaw has a path traversal in browser upload allows local file read |
2026-02-19 |
| CVE-2026-31992 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S |
2026-03-19 |
| CVE-2026-35644 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots |
2026-04-09 |
| CVE-2026-40037 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects |
2026-04-08 |
| CVE-2026-41299 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard |
2026-04-20 |
| CVE-2026-41369 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution |
2026-04-27 |
| CVE-2026-41375 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints |
2026-04-28 |
| CVE-2026-42433 |
🔴 HIGH |
7.1 |
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools |
2026-05-05 |
| CVE-2026-43528 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases |
2026-05-05 |
| CVE-2026-43567 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter |
2026-05-05 |
| CVE-2026-32009 |
🔴 HIGH |
7 |
OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins |
2026-03-19 |
| CVE-2026-43531 |
🔴 HIGH |
7 |
OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File |
2026-05-05 |
| CVE-2026-22176 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation |
2026-03-19 |
| CVE-2026-28394 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool |
2026-03-05 |
| CVE-2026-28480 |
🟡 MEDIUM |
6.9 |
OpenClaw Telegram allowlist authorization accepted mutable usernames |
2026-03-05 |
| CVE-2026-27004 |
🟡 MEDIUM |
6.9 |
OpenClaw session tool visibility hardening and Telegram webhook secret fallback |
2026-02-19 |
| CVE-2026-35626 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook |
2026-04-09 |
| CVE-2026-35633 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses |
2026-04-09 |
| CVE-2026-35654 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke |
2026-04-10 |
| CVE-2026-41374 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization |
2026-04-28 |
| CVE-2026-44116 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation |
2026-05-06 |
| CVE-2026-29612 |
🟡 MEDIUM |
6.8 |
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding |
2026-03-05 |
| CVE-2026-28452 |
🟡 MEDIUM |
6.7 |
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) |
2026-03-05 |
| CVE-2026-32044 |
🟡 MEDIUM |
6.7 |
OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation |
2026-03-21 |
| CVE-2026-25475 |
🟡 MEDIUM |
6.5 |
OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction |
2026-02-04 |
| CVE-2026-26328 |
🟡 MEDIUM |
6.5 |
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities |
2026-02-19 |
| CVE-2026-32050 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass |
2026-03-21 |
| CVE-2026-32896 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin |
2026-03-21 |
| CVE-2026-35646 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.25 - Pre-Authentication Rate-Limit Bypass in Webhook Token Validation |
2026-04-09 |
| CVE-2026-41337 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay |
2026-04-23 |
| CVE-2026-41389 |
🟡 MEDIUM |
6.3 |
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files |
2026-04-20 |
| CVE-2026-41913 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts |
2026-04-28 |
| CVE-2026-43527 |
🟡 MEDIUM |
6.3 |
OpenClaw: Browser SSRF policy default allowed private-network navigation |
2026-05-05 |
| CVE-2026-44117 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload |
2026-05-06 |
| CVE-2026-44994 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint |
2026-05-11 |
| CVE-2026-44999 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events |
2026-05-11 |
| CVE-2026-45002 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping |
2026-05-11 |
| CVE-2026-32057 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter |
2026-03-21 |
| CVE-2026-41363 |
🟡 MEDIUM |
6 |
OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter |
2026-04-27 |
| CVE-2026-43570 |
🟡 MEDIUM |
6 |
OpenClaw contains a symlink traversal vulnerability |
2026-05-05 |
| CVE-2026-44112 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes |
2026-05-06 |
| CVE-2026-44113 |
🟡 MEDIUM |
6 |
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes |
2026-05-06 |
| CVE-2026-28481 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching |
2026-03-05 |
| CVE-2026-32043 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter |
2026-03-21 |
| CVE-2026-40045 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints |
2026-04-20 |
| CVE-2026-45005 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation |
2026-05-11 |
| CVE-2026-27009 |
🟡 MEDIUM |
5.8 |
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection |
2026-02-19 |
| CVE-2026-27670 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition |
2026-03-19 |
| CVE-2026-33574 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download |
2026-03-29 |
| CVE-2026-41332 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist |
2026-04-23 |
| CVE-2026-41373 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy |
2026-04-28 |
| CVE-2026-28457 |
🟡 MEDIUM |
5.6 |
OpenClaw < 2026.2.14 - Path Traversal in Sandbox Skill Mirroring via Name Parameter |
2026-03-05 |
| CVE-2026-29608 |
🟡 MEDIUM |
5.4 |
OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting |
2026-03-19 |
| CVE-2026-41392 |
🟡 MEDIUM |
5.4 |
OpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File Options |
2026-04-28 |
| CVE-2026-44995 |
🟡 MEDIUM |
5.4 |
OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config |
2026-05-11 |
| CVE-2026-31989 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect |
2026-03-19 |
| CVE-2026-32898 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata |
2026-03-21 |
| CVE-2026-41344 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter |
2026-04-23 |
| CVE-2026-41365 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History |
2026-04-27 |
| CVE-2026-41377 |
🟡 MEDIUM |
5.1 |
OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation |
2026-04-28 |
| CVE-2026-42438 |
🟡 MEDIUM |
4.9 |
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure |
2026-05-05 |
| CVE-2026-42436 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes |
2026-05-05 |
| CVE-2026-42439 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes |
2026-05-05 |
| CVE-2026-43573 |
🟡 MEDIUM |
4.9 |
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement |
2026-05-05 |
| CVE-2026-43580 |
🟡 MEDIUM |
4.9 |
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage |
2026-05-06 |
| CVE-2026-43582 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass |
2026-05-06 |
| CVE-2026-43576 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL |
2026-05-06 |
| CVE-2026-32020 |
🟡 MEDIUM |
4.8 |
OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler |
2026-03-19 |
| CVE-2026-27485 |
🟡 MEDIUM |
4.6 |
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection |
2026-02-21 |
| CVE-2026-44992 |
🟡 MEDIUM |
4.1 |
OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv |
2026-05-11 |
| CVE-2026-45003 |
🟡 MEDIUM |
4.1 |
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts |
2026-05-11 |
| CVE-2026-24764 |
🟢 LOW |
3.7 |
OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions |
2026-02-19 |
| CVE-2026-35624 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk |
2026-04-09 |
| CVE-2026-34506 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration |
2026-03-31 |
| CVE-2026-41358 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context |
2026-04-23 |
| CVE-2026-41382 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps |
2026-04-28 |
| CVE-2026-41908 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route |
2026-04-23 |
| CVE-2026-41916 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload |
2026-04-28 |
| CVE-2026-44991 |
🟢 LOW |
2.3 |
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners |
2026-05-11 |
| CVE-2026-44997 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions |
2026-05-11 |
| CVE-2026-44111 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get |
2026-05-06 |
| CVE-2026-27183 |
🟢 LOW |
2.1 |
OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch |
2026-03-23 |
| CVE-2026-31996 |
🟢 LOW |
2 |
OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags |
2026-03-19 |
| CVE-2026-43529 |
🟢 LOW |
2 |
OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator |
2026-05-05 |