UCloud OpenClaw CVEs - 安全漏洞追踪

📋 已发布 CVE（cvelistV5）

107

CVE ID	严重性	CVSS	漏洞描述	发布日期
CVE-2026-22172	🟣 CRITICAL	9.4	OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections	2026-03-20
CVE-2026-28391	🟣 CRITICAL	9.2	OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement	2026-03-05
CVE-2026-22171	🔴 HIGH	8.8	OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming	2026-03-18
CVE-2026-24763	🔴 HIGH	8.8	OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable	2026-02-02
CVE-2026-25253	🔴 HIGH	8.8	OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl	2026-02-01
CVE-2026-32913	🔴 HIGH	8.8	OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects	2026-03-23
CVE-2026-28461	🔴 HIGH	8.7	OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn	2026-03-19
CVE-2026-28478	🔴 HIGH	8.7	OpenClaw affected by denial of service via unbounded webhook request body buffering	2026-03-05
CVE-2026-32011	🔴 HIGH	8.7	OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing	2026-03-19
CVE-2026-32042	🔴 HIGH	8.7	OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication	2026-03-21
CVE-2026-32051	🔴 HIGH	8.7	OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access	2026-03-21
CVE-2026-32062	🔴 HIGH	8.7	OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream	2026-03-11
CVE-2026-32059	🔴 HIGH	8.7	OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins	2026-03-11
CVE-2026-26323	🔴 HIGH	8.6	OpenClaw has a command injection in maintainer clawtributors updater	2026-02-19
CVE-2026-28463	🔴 HIGH	8.6	OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist	2026-03-05
CVE-2026-32064	🔴 HIGH	8.5	OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer	2026-03-21
CVE-2026-25593	🔴 HIGH	8.4	OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply	2026-02-06
CVE-2026-28482	🔴 HIGH	8.4	OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters	2026-03-05
CVE-2026-28393	🔴 HIGH	8.3	OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal	2026-03-05
CVE-2026-31998	🔴 HIGH	8.3	OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds	2026-03-19
CVE-2026-32004	🔴 HIGH	8.3	OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route	2026-03-19
CVE-2026-32036	🔴 HIGH	8.3	OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels	2026-03-19
CVE-2026-28469	🔴 HIGH	8.2	OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting	2026-03-05
CVE-2026-29611	🔴 HIGH	8.2	OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling	2026-03-05
CVE-2026-32030	🔴 HIGH	8.2	OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal	2026-03-19
CVE-2026-32045	🔴 HIGH	8.2	OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth	2026-03-21
CVE-2026-32302	🔴 HIGH	8.1	OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode	2026-03-12
CVE-2026-25157	🔴 HIGH	7.8	OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand	2026-02-04
CVE-2026-27002	🔴 HIGH	7.7	OpenClaw: Docker container escape via unvalidated bind mount config injection	2026-02-19
CVE-2026-29610	🔴 HIGH	7.7	OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling	2026-03-05
CVE-2026-32048	🔴 HIGH	7.7	OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn	2026-03-21
CVE-2026-26322	🔴 HIGH	7.6	OpenClaw Gateway tool allowed unrestricted gatewayUrl override	2026-02-19
CVE-2026-32005	🔴 HIGH	7.6	OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows	2026-03-19
CVE-2026-32007	🔴 HIGH	7.6	OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass	2026-03-19
CVE-2026-22179	🔴 HIGH	7.5	OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run	2026-03-18
CVE-2026-26316	🔴 HIGH	7.5	OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust	2026-02-19
CVE-2026-32003	🔴 HIGH	7.5	OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run	2026-03-19
CVE-2026-32025	🔴 HIGH	7.5	OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass	2026-03-19
CVE-2026-28458	🔴 HIGH	7.4	OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access	2026-03-05
CVE-2026-32032	🔴 HIGH	7.3	OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable	2026-03-19
CVE-2026-32015	🔴 HIGH	7.3	OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation	2026-03-19
CVE-2026-28473	🔴 HIGH	7.2	OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command	2026-03-05
CVE-2026-32055	🔴 HIGH	7.2	OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink	2026-03-21
CVE-2026-22175	🔴 HIGH	7.1	OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers	2026-03-18
CVE-2026-26329	🔴 HIGH	7.1	OpenClaw has a path traversal in browser upload allows local file read	2026-02-19
CVE-2026-26317	🔴 HIGH	7.1	OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints	2026-02-19
CVE-2026-27522	🔴 HIGH	7.1	OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions	2026-03-18
CVE-2026-27566	🔴 HIGH	7.1	OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run	2026-03-19
CVE-2026-32027	🔴 HIGH	7.1	OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist	2026-03-19
CVE-2026-32008	🔴 HIGH	7.1	OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard	2026-03-19
CVE-2026-32009	🔴 HIGH	7	OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins	2026-03-19
CVE-2026-22177	🟡 MEDIUM	6.9	OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars	2026-03-18
CVE-2026-22178	🟡 MEDIUM	6.9	OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata	2026-03-18
CVE-2026-27545	🟡 MEDIUM	6.9	OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind	2026-03-18
CVE-2026-28480	🟡 MEDIUM	6.9	OpenClaw Telegram allowlist authorization accepted mutable usernames	2026-03-05
CVE-2026-31994	🟡 MEDIUM	6.9	OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation	2026-03-19
CVE-2026-32063	🟡 MEDIUM	6.9	OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation	2026-03-11
CVE-2026-28486	🟡 MEDIUM	6.8	OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extraction via Installation Commands	2026-03-05
CVE-2026-29612	🟡 MEDIUM	6.8	OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding	2026-03-05
CVE-2026-32024	🟡 MEDIUM	6.8	OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling	2026-03-19
CVE-2026-28452	🟡 MEDIUM	6.7	OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)	2026-03-05
CVE-2026-32061	🟡 MEDIUM	6.7	OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal	2026-03-11
CVE-2026-25475	🟡 MEDIUM	6.5	OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction	2026-02-04
CVE-2026-26328	🟡 MEDIUM	6.5	OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities	2026-02-19
CVE-2026-22170	🟡 MEDIUM	6.3	OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty	2026-03-18
CVE-2026-28451	🟡 MEDIUM	6.3	OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching	2026-03-05
CVE-2026-28475	🟡 MEDIUM	6.3	OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison	2026-03-05
CVE-2026-29606	🟡 MEDIUM	6.3	OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility	2026-03-05
CVE-2026-32021	🟡 MEDIUM	6.3	OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom	2026-03-19
CVE-2026-32031	🟡 MEDIUM	6.3	OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch	2026-03-19
CVE-2026-32897	🟡 MEDIUM	6.3	OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback	2026-03-21
CVE-2026-32050	🟡 MEDIUM	6.3	OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass	2026-03-21
CVE-2026-32896	🟡 MEDIUM	6.3	OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin	2026-03-21
CVE-2026-22181	🟡 MEDIUM	6.1	OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch	2026-03-18
CVE-2026-28460	🟡 MEDIUM	6	OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run	2026-03-19
CVE-2026-32002	🟡 MEDIUM	6	OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images	2026-03-19
CVE-2026-32033	🟡 MEDIUM	6	OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation	2026-03-19
CVE-2026-32039	🟡 MEDIUM	6	OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender	2026-03-19
CVE-2026-22174	🟡 MEDIUM	5.9	OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe	2026-03-18
CVE-2026-28477	🟡 MEDIUM	5.9	OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow	2026-03-05
CVE-2026-32054	🟡 MEDIUM	5.9	OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling	2026-03-21
CVE-2026-27009	🟡 MEDIUM	5.8	OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection	2026-02-19
CVE-2026-27646	🟡 MEDIUM	5.8	OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command	2026-03-23
CVE-2026-31999	🟡 MEDIUM	5.8	OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback	2026-03-19
CVE-2026-32035	🟡 MEDIUM	5.8	OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler	2026-03-19
CVE-2026-32010	🟡 MEDIUM	5.8	OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter	2026-03-19
CVE-2026-32052	🟡 MEDIUM	5.8	OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers	2026-03-21
CVE-2026-32065	🟡 MEDIUM	5.7	OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution	2026-03-21
CVE-2026-31993	🟡 MEDIUM	5.6	OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains	2026-03-19
CVE-2026-29608	🟡 MEDIUM	5.4	OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting	2026-03-19
CVE-2026-31989	🟡 MEDIUM	5.3	OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect	2026-03-19
CVE-2026-32899	🟡 MEDIUM	5.3	OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers	2026-03-21
CVE-2026-32898	🟡 MEDIUM	5.3	OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata	2026-03-21
CVE-2026-32895	🟡 MEDIUM	5.3	OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers	2026-03-21
CVE-2026-22180	🟡 MEDIUM	4.8	OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations	2026-03-18
CVE-2026-27576	🟡 MEDIUM	4.8	OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs	2026-02-21
CVE-2026-31997	🟡 MEDIUM	4.4	OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals	2026-03-19
CVE-2026-27486	🟡 MEDIUM	4.3	OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup	2026-02-21
CVE-2026-24764	🟢 LOW	3.7	OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions	2026-02-19
CVE-2026-27524	🟢 LOW	2.3	OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path	2026-03-18
CVE-2026-32006	🟢 LOW	2.3	OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist	2026-03-19
CVE-2026-32019	🟢 LOW	2.3	OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard	2026-03-19
CVE-2026-27183	🟢 LOW	2.1	OpenClaw: system.run wrapper-depth boundary could skip shell approval gating	2026-03-23
CVE-2026-31996	🟢 LOW	2	OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags	2026-03-19
CVE-2026-32018	🟢 LOW	2	OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations	2026-03-19
CVE-2026-32058	🟢 LOW	2	OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node	2026-03-21
CVE-2026-32067	🟢 LOW	2	OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store	2026-03-21

🔄 CVE 发布流水线

22/22 已发布

CVE ID	状态	CNA	GHSA 发布日期	cvelistV5
CVE-2026-22170	✅ PUBLISHED	VulnCheck	2026-03-04	✅ 已收录
CVE-2026-22172	✅ PUBLISHED	VulnCheck	2026-03-13	✅ 已收录
CVE-2026-24763	✅ PUBLISHED	GitHub_M	2026-02-02	✅ 已收录
CVE-2026-25157	✅ PUBLISHED	GitHub_M	2026-02-02	✅ 已收录
CVE-2026-25253	✅ PUBLISHED	mitre	2026-02-02	✅ 已收录
CVE-2026-26317	✅ PUBLISHED	GitHub_M	2026-02-18	✅ 已收录
CVE-2026-26328	✅ PUBLISHED	GitHub_M	2026-02-18	✅ 已收录
CVE-2026-27183	✅ PUBLISHED	VulnCheck	2026-03-09	✅ 已收录
CVE-2026-27646	✅ PUBLISHED	VulnCheck	2026-03-09	✅ 已收录
CVE-2026-28452	✅ PUBLISHED	VulnCheck	2026-02-18	✅ 已收录
CVE-2026-28458	✅ PUBLISHED	VulnCheck	2026-02-17	✅ 已收录
CVE-2026-28469	✅ PUBLISHED	VulnCheck	2026-02-18	✅ 已收录
CVE-2026-28478	✅ PUBLISHED	VulnCheck	2026-02-18	✅ 已收录
CVE-2026-28480	✅ PUBLISHED	VulnCheck	2026-02-18	✅ 已收录
CVE-2026-29612	✅ PUBLISHED	VulnCheck	2026-02-18	✅ 已收录
CVE-2026-32002	✅ PUBLISHED	VulnCheck	2026-03-04	✅ 已收录
CVE-2026-32005	✅ PUBLISHED	VulnCheck	2026-03-04	✅ 已收录
CVE-2026-32018	✅ PUBLISHED	VulnCheck	2026-03-03	✅ 已收录
CVE-2026-32019	✅ PUBLISHED	VulnCheck	2026-03-04	✅ 已收录
CVE-2026-32031	✅ PUBLISHED	VulnCheck	2026-03-12	✅ 已收录
CVE-2026-32302	✅ PUBLISHED	GitHub_M	2026-03-12	✅ 已收录
CVE-2026-32913	✅ PUBLISHED	VulnCheck	2026-03-09	✅ 已收录
CVE-2026-22172	✅ PUBLISHED	\| [GHSA-g353-mgv3-8pcj](https://github.com/advisories/GHSA-g353-mgv3-8pcj)	2026-03-13	✅ 已收录
CVE-2026-32302	✅ PUBLISHED	\| [GHSA-qcc4-p59m-p54m](https://github.com/advisories/GHSA-qcc4-p59m-p54m)	2026-03-12	✅ 已收录
CVE-2026-32913	✅ PUBLISHED	\| [GHSA-rchv-x836-w7xp](https://github.com/advisories/GHSA-rchv-x836-w7xp)	2026-03-09	✅ 已收录
CVE-2026-32005	✅ PUBLISHED	\| [GHSA-3jx4-q2m7-r496](https://github.com/advisories/GHSA-3jx4-q2m7-r496)	2026-03-04	✅ 已收录
CVE-2026-28469	✅ PUBLISHED	\| [GHSA-3fqr-4cg8-h96q](https://github.com/advisories/GHSA-3fqr-4cg8-h96q)	2026-02-18	✅ 已收录
CVE-2026-28478	✅ PUBLISHED	\| [GHSA-mr32-vwc2-5j6h](https://github.com/advisories/GHSA-mr32-vwc2-5j6h)	2026-02-18	✅ 已收录
CVE-2026-25157	✅ PUBLISHED	\| [GHSA-g8p2-7wf7-98mq](https://github.com/advisories/GHSA-g8p2-7wf7-98mq)	2026-02-02	✅ 已收录
CVE-2026-24763	✅ PUBLISHED	\| [GHSA-r2c6-8jc8-g32w](https://github.com/advisories/GHSA-r2c6-8jc8-g32w)	2026-02-02	✅ 已收录
CVE-2026-32031	✅ PUBLISHED	\| [GHSA-v8cg-4474-49v8](https://github.com/advisories/GHSA-v8cg-4474-49v8)	2026-03-12	✅ 已收录
CVE-2026-27646	✅ PUBLISHED	\| [GHSA-r6qf-8968-wj9q](https://github.com/advisories/GHSA-r6qf-8968-wj9q)	2026-03-09	✅ 已收录
CVE-2026-22170	✅ PUBLISHED	\| [GHSA-q6qf-4p5j-r25g](https://github.com/advisories/GHSA-q6qf-4p5j-r25g)	2026-03-04	✅ 已收录
CVE-2026-32019	✅ PUBLISHED	\| [GHSA-jjgj-cpp9-cvpv](https://github.com/advisories/GHSA-jjgj-cpp9-cvpv)	2026-03-04	✅ 已收录
CVE-2026-32018	✅ PUBLISHED	\| [GHSA-mj5r-hh7j-4gxf](https://github.com/advisories/GHSA-mj5r-hh7j-4gxf)	2026-03-03	✅ 已收录
CVE-2026-28452	✅ PUBLISHED	\| [GHSA-w2cg-vxx6-5xjg](https://github.com/advisories/GHSA-w2cg-vxx6-5xjg)	2026-02-18	✅ 已收录
CVE-2026-26328	✅ PUBLISHED	### Low Severity	2026-02-18	✅ 已收录

📢 安全公告精选

169+

GHSA-x49q-fhh CRITICAL

Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

2026-03-20

GHSA-rqpp-rjj CRITICAL

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

2026-03-13 CVE-2026-22172

GHSA-4jpw-hj2 CRITICAL

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE

2026-03-13

GHSA-xw77-45g CRITICAL

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

2026-03-13

GHSA-rj39-33v HIGH

Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)

2026-03-21

GHSA-cxcw-jm6 HIGH

Duplicate Advisory: OpenClaw's andbox browser noVNC observer lacked VNC authentication

2026-03-21

GHSA-9f79-7pw HIGH

Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

2026-03-21

GHSA-qwmf-95r HIGH

Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

2026-03-21

GHSA-xq3g-m3j HIGH

Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

2026-03-21

GHSA-jqpf-vj2 HIGH

Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch

2026-03-19

GHSA-x742-88j HIGH

Duplicate Advisory: allowlist exec-guard bypass via env -S

2026-03-19

GHSA-3846-mfv HIGH

Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

2026-03-19

📊 漏洞分类

白名单绕过 (Allowlist Bypass)

注入攻击 (XSS/CSRF/Prompt/Command)

认证绕过 / 缺失认证

SSRF

拒绝服务 (DoS)

路径穿越 (CWE-22)

原型污染 (Prototype Pollution)

💡 关键洞察

📈

6.7

平均 CVSS 评分

🔴

286%

HIGH 及以上漏洞占比

⚡

100%

CVE 已发布到 cvelistV5

🛡️

100%

已提供修复版本

🏢

CNA 来源 (VulnCheck / GitHub / MITRE)

📦

npm

受影响包 (openclaw)

🛡️ UCloud OpenClaw CVEs

📋 已发布 CVE（cvelistV5）

🔄 CVE 发布流水线

📢 安全公告精选

📊 漏洞分类

💡 关键洞察