每日自动更新

🛡️ UCloud OpenClaw CVEs

安全漏洞追踪面板 — 基于 cvelistV5 + GitHub Advisory Database 数据

19
已发布 CVE
138
安全公告
53
HIGH / CRITICAL
19/19
Pipeline 全部已发布
📋 CVE 列表 🔄 发布流水线 📢 安全公告 📊 漏洞分类 💡 关键洞察

📋 已发布 CVE(cvelistV5)

110
CVE ID严重性CVSS漏洞描述发布日期
CVE-2026-32978 🟣 CRITICAL 9.4 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners 2026-03-29
CVE-2026-32987 🟣 CRITICAL 9.3 OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing 2026-03-29
CVE-2026-28472 🟣 CRITICAL 9.2 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake 2026-03-05
CVE-2026-32917 🟣 CRITICAL 9.2 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP 2026-03-31
CVE-2026-32916 🟣 CRITICAL 9.2 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes 2026-03-31
CVE-2026-32918 🟣 CRITICAL 9.2 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool 2026-03-29
CVE-2026-25253 🔴 HIGH 8.8 OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl 2026-02-01
CVE-2026-22171 🔴 HIGH 8.8 OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming 2026-03-18
CVE-2026-24763 🔴 HIGH 8.8 OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable 2026-02-02
CVE-2026-32973 🔴 HIGH 8.8 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization 2026-03-29
CVE-2026-28462 🔴 HIGH 8.7 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths 2026-03-05
CVE-2026-28478 🔴 HIGH 8.7 OpenClaw affected by denial of service via unbounded webhook request body buffering 2026-03-05
CVE-2026-32049 🔴 HIGH 8.7 OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass 2026-03-21
CVE-2026-32982 🔴 HIGH 8.7 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs 2026-03-31
CVE-2026-26323 🔴 HIGH 8.6 OpenClaw has a command injection in maintainer clawtributors updater 2026-02-19
CVE-2026-32014 🔴 HIGH 8.6 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields 2026-03-19
CVE-2026-33577 🔴 HIGH 8.6 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve 2026-03-31
CVE-2026-33575 🔴 HIGH 8.6 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes 2026-03-29
CVE-2026-34503 🔴 HIGH 8.6 OpenClaw's device removal and token revocation do not terminate active WebSocket sessions 2026-03-31
CVE-2026-33579 🔴 HIGH 8.6 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval 2026-03-31
CVE-2026-32064 🔴 HIGH 8.5 OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer 2026-03-21
CVE-2026-25593 🔴 HIGH 8.4 OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply 2026-02-06
CVE-2026-28393 🔴 HIGH 8.3 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal 2026-03-05
CVE-2026-31998 🔴 HIGH 8.3 OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds 2026-03-19
CVE-2026-32036 🔴 HIGH 8.3 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels 2026-03-19
CVE-2026-28392 🔴 HIGH 8.2 OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages 2026-03-05
CVE-2026-29613 🔴 HIGH 8.2 OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust 2026-03-05
CVE-2026-28469 🔴 HIGH 8.2 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting 2026-03-05
CVE-2026-32030 🔴 HIGH 8.2 OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal 2026-03-19
CVE-2026-25157 🔴 HIGH 7.8 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand 2026-02-04
CVE-2026-27002 🔴 HIGH 7.7 OpenClaw: Docker container escape via unvalidated bind mount config injection 2026-02-19
CVE-2026-32048 🔴 HIGH 7.7 OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn 2026-03-21
CVE-2026-26322 🔴 HIGH 7.6 OpenClaw Gateway tool allowed unrestricted gatewayUrl override 2026-02-19
CVE-2026-27487 🔴 HIGH 7.6 OpenClaw: Prevent shell injection in macOS keychain credential write 2026-02-21
CVE-2026-32005 🔴 HIGH 7.6 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip 2026-03-19
CVE-2026-32007 🔴 HIGH 7.6 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass 2026-03-19
CVE-2026-25474 🔴 HIGH 7.5 OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass 2026-02-19
CVE-2026-26324 🔴 HIGH 7.5 OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) 2026-02-19
CVE-2026-28485 🔴 HIGH 7.5 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints 2026-03-05
CVE-2026-32025 🔴 HIGH 7.5 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass 2026-03-19
CVE-2026-28458 🔴 HIGH 7.4 OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access 2026-03-05
CVE-2026-32016 🔴 HIGH 7.3 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS 2026-03-19
CVE-2026-32032 🔴 HIGH 7.3 OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable 2026-03-19
CVE-2026-32971 🔴 HIGH 7.3 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands 2026-03-31
CVE-2026-22169 🔴 HIGH 7.1 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins 2026-03-18
CVE-2026-26320 🔴 HIGH 7.1 OpenClaw macOS deep link confirmation truncation can conceal executed agent message 2026-02-19
CVE-2026-26317 🔴 HIGH 7.1 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints 2026-02-19
CVE-2026-22168 🔴 HIGH 7.1 OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run 2026-03-18
CVE-2026-26327 🔴 HIGH 7.1 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning 2026-02-19
CVE-2026-27566 🔴 HIGH 7.1 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run 2026-03-19
CVE-2026-28459 🔴 HIGH 7.1 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path 2026-03-05
CVE-2026-31992 🔴 HIGH 7.1 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S 2026-03-19
CVE-2026-32008 🔴 HIGH 7.1 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard 2026-03-19
CVE-2026-32026 🔴 HIGH 7.1 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox 2026-03-19
CVE-2026-32972 🔴 HIGH 7.1 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request 2026-03-29
CVE-2026-32976 🔴 HIGH 7.1 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands 2026-03-31
CVE-2026-33581 🔴 HIGH 7.1 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters 2026-03-31
CVE-2026-40037 🔴 HIGH 7.1 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects 2026-04-08
CVE-2026-32009 🔴 HIGH 7 OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins 2026-03-19
CVE-2026-32979 🔴 HIGH 7 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval 2026-03-29
CVE-2026-22176 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation 2026-03-19
CVE-2026-22178 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata 2026-03-18
CVE-2026-27545 🟡 MEDIUM 6.9 OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind 2026-03-18
CVE-2026-28480 🟡 MEDIUM 6.9 OpenClaw Telegram allowlist authorization accepted mutable usernames 2026-03-05
CVE-2026-31994 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation 2026-03-19
CVE-2026-32063 🟡 MEDIUM 6.9 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation 2026-03-11
CVE-2026-32975 🟡 MEDIUM 6.9 OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist 2026-03-29
CVE-2026-34504 🟡 MEDIUM 6.9 OpenClaw affected by SSRF via unguarded image download in fal provider 2026-03-31
CVE-2026-29612 🟡 MEDIUM 6.8 OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding 2026-03-05
CVE-2026-26972 🟡 MEDIUM 6.7 OpenClaw has a Path Traversal in Browser Download Functionality 2026-02-19
CVE-2026-28452 🟡 MEDIUM 6.7 OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) 2026-03-05
CVE-2026-32044 🟡 MEDIUM 6.7 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation 2026-03-21
CVE-2026-32061 🟡 MEDIUM 6.7 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal 2026-03-11
CVE-2026-26328 🟡 MEDIUM 6.5 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities 2026-02-19
CVE-2026-28451 🟡 MEDIUM 6.3 OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching 2026-03-05
CVE-2026-28475 🟡 MEDIUM 6.3 OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison 2026-03-05
CVE-2026-28395 🟡 MEDIUM 6.3 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl 2026-03-05
CVE-2026-32028 🟡 MEDIUM 6.3 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress 2026-03-19
CVE-2026-32031 🟡 MEDIUM 6.3 OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway 2026-03-19
CVE-2026-32897 🟡 MEDIUM 6.3 OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback 2026-03-21
CVE-2026-32896 🟡 MEDIUM 6.3 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin 2026-03-21
CVE-2026-33580 🟡 MEDIUM 6.3 OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication 2026-03-31
CVE-2026-28460 🟡 MEDIUM 6 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run 2026-03-19
CVE-2026-32002 🟡 MEDIUM 6 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass 2026-03-19
CVE-2026-32057 🟡 MEDIUM 6 OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter 2026-03-21
CVE-2026-34511 🟡 MEDIUM 6 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter 2026-04-03
CVE-2026-32043 🟡 MEDIUM 5.9 OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter 2026-03-21
CVE-2026-27009 🟡 MEDIUM 5.8 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection 2026-02-19
CVE-2026-27670 🟡 MEDIUM 5.8 OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition 2026-03-19
CVE-2026-27646 🟡 MEDIUM 5.8 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command 2026-03-23
CVE-2026-31995 🟡 MEDIUM 5.8 OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension 2026-03-19
CVE-2026-32010 🟡 MEDIUM 5.8 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter 2026-03-19
CVE-2026-32035 🟡 MEDIUM 5.8 OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler 2026-03-19
CVE-2026-32065 🟡 MEDIUM 5.7 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution 2026-03-21
CVE-2026-29608 🟡 MEDIUM 5.4 OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting 2026-03-19
CVE-2026-32001 🟡 MEDIUM 5.3 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication 2026-03-19
CVE-2026-32898 🟡 MEDIUM 5.3 OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata 2026-03-21
CVE-2026-32923 🟡 MEDIUM 5.3 OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement 2026-03-29
CVE-2026-34425 🟡 MEDIUM 5.3 OpenClaw - Shell-Bleed Protection Preflight Validation Bypass 2026-04-02
CVE-2026-33578 🟡 MEDIUM 5.3 OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade 2026-03-31
CVE-2026-22180 🟡 MEDIUM 4.8 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations 2026-03-18
CVE-2026-27576 🟡 MEDIUM 4.8 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs 2026-02-21
CVE-2026-32020 🟡 MEDIUM 4.8 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler 2026-03-19
CVE-2026-27485 🟡 MEDIUM 4.6 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection 2026-02-21
CVE-2026-31997 🟡 MEDIUM 4.4 OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals 2026-03-19
CVE-2026-24764 🟢 LOW 3.7 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions 2026-02-19
CVE-2026-27484 🟢 LOW 2.3 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows 2026-02-21
CVE-2026-32037 🟢 LOW 2.3 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling 2026-03-19
CVE-2026-32018 🟢 LOW 2 OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations 2026-03-19
CVE-2026-32058 🟢 LOW 2 OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node 2026-03-21

🔄 CVE 发布流水线

19/19 已发布
CVE ID状态CNAGHSA 发布日期cvelistV5
CVE-2026-24763 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25253 ✅ PUBLISHED mitre 2026-02-02 ✅ 已收录
CVE-2026-26317 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-26328 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-28452 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28458 ✅ PUBLISHED VulnCheck 2026-02-17 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-33577 ✅ PUBLISHED VulnCheck 2026-04-01 ✅ 已收录
CVE-2026-33578 ✅ PUBLISHED VulnCheck 2026-04-01 ✅ 已收录
CVE-2026-33580 ✅ PUBLISHED VulnCheck 2026-03-31 ✅ 已收录
CVE-2026-33581 ✅ PUBLISHED VulnCheck 2026-03-31 ✅ 已收录
CVE-2026-34425 ✅ PUBLISHED VulnCheck 2026-04-06 ✅ 已收录
CVE-2026-34503 ✅ PUBLISHED VulnCheck 2026-03-31 ✅ 已收录
CVE-2026-34504 ✅ PUBLISHED VulnCheck 2026-04-01 ✅ 已收录
CVE-2026-34511 ✅ PUBLISHED VulnCheck 2026-04-04 ✅ 已收录
CVE-2026-34511 ✅ PUBLISHED | [GHSA-q9w8-cf67-r238](https://github.com/advisories/GHSA-q9w8-cf67-r238) 2026-04-04 ✅ 已收录
CVE-2026-33581 ✅ PUBLISHED | [GHSA-2pr2-hcv6-7gwv](https://github.com/advisories/GHSA-2pr2-hcv6-7gwv) 2026-03-31 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED | [GHSA-3fqr-4cg8-h96q](https://github.com/advisories/GHSA-3fqr-4cg8-h96q) 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED | [GHSA-mr32-vwc2-5j6h](https://github.com/advisories/GHSA-mr32-vwc2-5j6h) 2026-02-18 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED | [GHSA-g8p2-7wf7-98mq](https://github.com/advisories/GHSA-g8p2-7wf7-98mq) 2026-02-02 ✅ 已收录
CVE-2026-24763 ✅ PUBLISHED | [GHSA-r2c6-8jc8-g32w](https://github.com/advisories/GHSA-r2c6-8jc8-g32w) 2026-02-02 ✅ 已收录
CVE-2026-34425 ✅ PUBLISHED | [GHSA-ch86-pxr9-j9h9](https://github.com/advisories/GHSA-ch86-pxr9-j9h9) 2026-04-06 ✅ 已收录
CVE-2026-33578 ✅ PUBLISHED | [GHSA-2x4x-cc5g-qmmg](https://github.com/advisories/GHSA-2x4x-cc5g-qmmg) 2026-04-01 ✅ 已收录
CVE-2026-33580 ✅ PUBLISHED | [GHSA-jp4j-q5fc-58gv](https://github.com/advisories/GHSA-jp4j-q5fc-58gv) 2026-03-31 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED | [GHSA-h89v-j3x9-8wqj](https://github.com/advisories/GHSA-h89v-j3x9-8wqj) 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED | [GHSA-g34w-4xqq-h79m](https://github.com/advisories/GHSA-g34w-4xqq-h79m) 2026-02-18 ✅ 已收录
CVE-2026-34504 ✅ PUBLISHED | [GHSA-g86v-f9qv-rh6m](https://github.com/advisories/GHSA-g86v-f9qv-rh6m) 2026-04-01 ✅ 已收录

📢 安全公告精选

138+
GHSA-9p3r-hh9 CRITICAL
OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile
2026-04-03
GHSA-g5cg-8x5 CRITICAL
OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation
2026-04-02
GHSA-8rh7-677 CRITICAL
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
2026-04-01
GHSA-j7p2-qcw CRITICAL
OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
2026-03-31
GHSA-vfw7-6rh HIGH
OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config
2026-04-07
GHSA-9jpj-g8v HIGH
OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
2026-04-04 CVE-2026-34511
GHSA-q9w8-cf6 HIGH
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration
2026-04-03
GHSA-gg9v-mgc HIGH
OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing
2026-04-03
GHSA-h5hg-h7r HIGH
OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection
2026-04-03
GHSA-gjm7-hw8 HIGH
OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch
2026-04-03
GHSA-g374-mgg HIGH
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
2026-04-03
GHSA-f6pf-4gj HIGH
OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read
2026-04-03

📊 漏洞分类

白名单绕过 (Allowlist Bypass)
60
注入攻击 (XSS/CSRF/Prompt/Command)
34
认证绕过 / 缺失认证
10
SSRF
5
拒绝服务 (DoS)
6
路径穿越 (CWE-22)
3
原型污染 (Prototype Pollution)
1

💡 关键洞察

📈
6.9
平均 CVSS 评分
🔴
279%
HIGH 及以上漏洞占比
100%
CVE 已发布到 cvelistV5
🛡️
100%
已提供修复版本
🏢
3
CNA 来源 (VulnCheck / GitHub / MITRE)
📦
npm
受影响包 (openclaw)