| CVE-2026-22172 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections |
2026-03-20 |
| CVE-2026-28466 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass |
2026-03-05 |
| CVE-2026-32922 |
🟣 CRITICAL |
9.4 |
OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate |
2026-03-29 |
| CVE-2026-28474 |
🟣 CRITICAL |
9.3 |
OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing |
2026-03-05 |
| CVE-2026-43534 |
🟣 CRITICAL |
9.3 |
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events |
2026-05-05 |
| CVE-2026-32918 |
🟣 CRITICAL |
9.2 |
OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool |
2026-03-29 |
| CVE-2026-43566 |
🟣 CRITICAL |
9.1 |
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events |
2026-05-05 |
| CVE-2026-43533 |
🔴 HIGH |
8.9 |
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags |
2026-05-05 |
| CVE-2026-22171 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming |
2026-03-18 |
| CVE-2026-25253 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl |
2026-02-01 |
| CVE-2026-24763 |
🔴 HIGH |
8.8 |
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable |
2026-02-02 |
| CVE-2026-32913 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects |
2026-03-23 |
| CVE-2026-32973 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization |
2026-03-29 |
| CVE-2026-41296 |
🔴 HIGH |
8.8 |
OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile |
2026-04-20 |
| CVE-2026-28478 |
🔴 HIGH |
8.7 |
OpenClaw affected by denial of service via unbounded webhook request body buffering |
2026-03-05 |
| CVE-2026-29609 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch |
2026-03-05 |
| CVE-2026-32011 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing |
2026-03-19 |
| CVE-2026-32062 |
🔴 HIGH |
8.7 |
OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream |
2026-03-11 |
| CVE-2026-32982 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs |
2026-03-31 |
| CVE-2026-35663 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim |
2026-04-10 |
| CVE-2026-41303 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands |
2026-04-20 |
| CVE-2026-41399 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades |
2026-04-28 |
| CVE-2026-42426 |
🔴 HIGH |
8.7 |
OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope |
2026-04-28 |
| CVE-2026-42435 |
🔴 HIGH |
8.7 |
OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms |
2026-05-05 |
| CVE-2026-42434 |
🔴 HIGH |
8.7 |
OpenClaw: Sandboxed agents could escape exec routing via host=node override |
2026-05-05 |
| CVE-2026-43530 |
🔴 HIGH |
8.7 |
OpenClaw: busybox and toybox applet execution weakened exec approval binding |
2026-05-05 |
| CVE-2026-34503 |
🔴 HIGH |
8.6 |
OpenClaw < 2026.3.28 - Incomplete WebSocket Session Termination on Device Removal and Token Revocation |
2026-03-31 |
| CVE-2026-41294 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File |
2026-04-20 |
| CVE-2026-41384 |
🔴 HIGH |
8.5 |
OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend |
2026-04-28 |
| CVE-2026-25593 |
🔴 HIGH |
8.4 |
OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply |
2026-02-06 |
| CVE-2026-28482 |
🔴 HIGH |
8.4 |
OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters |
2026-03-05 |
| CVE-2026-43526 |
🔴 HIGH |
8.3 |
OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes |
2026-05-05 |
| CVE-2026-28469 |
🔴 HIGH |
8.2 |
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting |
2026-03-05 |
| CVE-2026-29613 |
🔴 HIGH |
8.2 |
OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust |
2026-03-05 |
| CVE-2026-42437 |
🔴 HIGH |
8.2 |
OpenClaw: Voice-call realtime WebSocket accepted oversized frames |
2026-05-05 |
| CVE-2026-25157 |
🔴 HIGH |
7.8 |
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand |
2026-02-04 |
| CVE-2026-32048 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn |
2026-03-21 |
| CVE-2026-41404 |
🔴 HIGH |
7.7 |
OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication |
2026-04-28 |
| CVE-2026-43569 |
🔴 HIGH |
7.7 |
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins |
2026-05-05 |
| CVE-2026-43571 |
🔴 HIGH |
7.7 |
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows |
2026-05-05 |
| CVE-2026-26322 |
🔴 HIGH |
7.6 |
OpenClaw Gateway tool allowed unrestricted gatewayUrl override |
2026-02-19 |
| CVE-2026-32005 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip |
2026-03-19 |
| CVE-2026-32007 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass |
2026-03-19 |
| CVE-2026-42431 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass |
2026-04-28 |
| CVE-2026-43535 |
🔴 HIGH |
7.6 |
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches |
2026-05-05 |
| CVE-2026-26316 |
🔴 HIGH |
7.5 |
OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust |
2026-02-19 |
| CVE-2026-25474 |
🔴 HIGH |
7.5 |
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass |
2026-02-19 |
| CVE-2026-32003 |
🔴 HIGH |
7.5 |
OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run |
2026-03-19 |
| CVE-2026-28458 |
🔴 HIGH |
7.4 |
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access |
2026-03-05 |
| CVE-2026-32016 |
🔴 HIGH |
7.3 |
OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS |
2026-03-19 |
| CVE-2026-32055 |
🔴 HIGH |
7.2 |
OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink |
2026-03-21 |
| CVE-2026-22169 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins |
2026-03-18 |
| CVE-2026-26317 |
🔴 HIGH |
7.1 |
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints |
2026-02-19 |
| CVE-2026-35636 |
🔴 HIGH |
7.1 |
OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution |
2026-04-09 |
| CVE-2026-41299 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard |
2026-04-20 |
| CVE-2026-41379 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config |
2026-04-28 |
| CVE-2026-41385 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.3.31 - Nostr Private Key Exposure via config.get Redaction Bypass |
2026-04-28 |
| CVE-2026-42433 |
🔴 HIGH |
7.1 |
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools |
2026-05-05 |
| CVE-2026-43528 |
🔴 HIGH |
7.1 |
OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases |
2026-05-05 |
| CVE-2026-43567 |
🔴 HIGH |
7.1 |
OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter |
2026-05-05 |
| CVE-2026-43568 |
🔴 HIGH |
7.1 |
OpenClaw: Memory dreaming config persistence was reachable from operator.write commands |
2026-05-05 |
| CVE-2026-43531 |
🔴 HIGH |
7 |
OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File |
2026-05-05 |
| CVE-2026-27545 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind |
2026-03-18 |
| CVE-2026-28480 |
🟡 MEDIUM |
6.9 |
OpenClaw Telegram allowlist authorization accepted mutable usernames |
2026-03-05 |
| CVE-2026-32924 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu |
2026-03-29 |
| CVE-2026-33576 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel |
2026-03-31 |
| CVE-2026-35661 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass |
2026-04-10 |
| CVE-2026-41335 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON |
2026-04-23 |
| CVE-2026-41301 |
🟡 MEDIUM |
6.9 |
OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass |
2026-04-20 |
| CVE-2026-41400 |
🟡 MEDIUM |
6.9 |
OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call |
2026-04-28 |
| CVE-2026-27008 |
🟡 MEDIUM |
6.8 |
OpenClaw hardened the skill download target directory validation |
2026-02-19 |
| CVE-2026-29612 |
🟡 MEDIUM |
6.8 |
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding |
2026-03-05 |
| CVE-2026-32024 |
🟡 MEDIUM |
6.8 |
OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling |
2026-03-19 |
| CVE-2026-28452 |
🟡 MEDIUM |
6.7 |
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) |
2026-03-05 |
| CVE-2026-32061 |
🟡 MEDIUM |
6.7 |
OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal |
2026-03-11 |
| CVE-2026-26328 |
🟡 MEDIUM |
6.5 |
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities |
2026-02-19 |
| CVE-2026-22170 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration |
2026-03-18 |
| CVE-2026-28471 |
🟡 MEDIUM |
6.3 |
OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin |
2026-03-05 |
| CVE-2026-32021 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom |
2026-03-19 |
| CVE-2026-32897 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback |
2026-03-21 |
| CVE-2026-32031 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway |
2026-03-19 |
| CVE-2026-35635 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat |
2026-04-09 |
| CVE-2026-35656 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter |
2026-04-10 |
| CVE-2026-35628 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting |
2026-04-09 |
| CVE-2026-41389 |
🟡 MEDIUM |
6.3 |
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files |
2026-04-20 |
| CVE-2026-43527 |
🟡 MEDIUM |
6.3 |
OpenClaw: Browser SSRF policy default allowed private-network navigation |
2026-05-05 |
| CVE-2026-44117 |
🟡 MEDIUM |
6.3 |
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload |
2026-05-06 |
| CVE-2026-43572 |
🟡 MEDIUM |
6.3 |
OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks |
2026-05-05 |
| CVE-2026-28460 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run |
2026-03-19 |
| CVE-2026-32002 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass |
2026-03-19 |
| CVE-2026-35622 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook |
2026-04-09 |
| CVE-2026-41363 |
🟡 MEDIUM |
6 |
OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter |
2026-04-27 |
| CVE-2026-41911 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image |
2026-04-28 |
| CVE-2026-43574 |
🟡 MEDIUM |
6 |
OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists |
2026-05-05 |
| CVE-2026-43570 |
🟡 MEDIUM |
6 |
OpenClaw contains a symlink traversal vulnerability |
2026-05-05 |
| CVE-2026-41393 |
🟡 MEDIUM |
5.9 |
OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area Discovery |
2026-04-28 |
| CVE-2026-27670 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition |
2026-03-19 |
| CVE-2026-31995 |
🟡 MEDIUM |
5.8 |
OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension |
2026-03-19 |
| CVE-2026-32010 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter |
2026-03-19 |
| CVE-2026-32000 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution |
2026-03-19 |
| CVE-2026-32035 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler |
2026-03-19 |
| CVE-2026-32988 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation |
2026-03-31 |
| CVE-2026-41373 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy |
2026-04-28 |
| CVE-2026-41915 |
🟡 MEDIUM |
5.8 |
OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment |
2026-04-28 |
| CVE-2026-32065 |
🟡 MEDIUM |
5.7 |
OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution |
2026-03-21 |
| CVE-2026-32923 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement |
2026-03-29 |
| CVE-2026-32898 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata |
2026-03-21 |
| CVE-2026-41367 |
🟡 MEDIUM |
5.3 |
OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions |
2026-04-27 |
| CVE-2026-41339 |
🟡 MEDIUM |
5.3 |
OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot |
2026-04-23 |
| CVE-2026-42436 |
🟡 MEDIUM |
4.9 |
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation |
2026-05-05 |
| CVE-2026-42438 |
🟡 MEDIUM |
4.9 |
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure |
2026-05-05 |
| CVE-2026-42439 |
🟡 MEDIUM |
4.9 |
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes |
2026-05-05 |
| CVE-2026-43532 |
🟡 MEDIUM |
4.9 |
OpenClaw: Discord event cover images bypassed sandbox media normalization |
2026-05-05 |
| CVE-2026-43573 |
🟡 MEDIUM |
4.9 |
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement |
2026-05-05 |
| CVE-2026-27576 |
🟡 MEDIUM |
4.8 |
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs |
2026-02-21 |
| CVE-2026-32020 |
🟡 MEDIUM |
4.8 |
OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler |
2026-03-19 |
| CVE-2026-41912 |
🟡 MEDIUM |
4.8 |
OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation |
2026-04-28 |
| CVE-2026-27485 |
🟡 MEDIUM |
4.6 |
OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection |
2026-02-21 |
| CVE-2026-24764 |
🟢 LOW |
3.7 |
OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions |
2026-02-19 |
| CVE-2026-41348 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands |
2026-04-23 |
| CVE-2026-41358 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context |
2026-04-23 |
| CVE-2026-41341 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension |
2026-04-23 |
| CVE-2026-41362 |
🟢 LOW |
2.3 |
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication |
2026-04-27 |
| CVE-2026-41376 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation |
2026-04-28 |
| CVE-2026-41402 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass |
2026-04-28 |
| CVE-2026-41908 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route |
2026-04-23 |
| CVE-2026-41408 |
🟢 LOW |
2.3 |
OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass |
2026-04-28 |
| CVE-2026-44111 |
🟢 LOW |
2.3 |
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get |
2026-05-06 |
| CVE-2026-41398 |
🟢 LOW |
2.1 |
OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge |
2026-04-28 |
| CVE-2026-32970 |
🟢 LOW |
2 |
OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs |
2026-03-31 |
| CVE-2026-43529 |
🟢 LOW |
2 |
OpenClaw: TOCTOU read in exec script preflight |
2026-05-05 |