每日自动更新

🛡️ UCloud OpenClaw CVEs

安全漏洞追踪面板 — 基于 cvelistV5 + GitHub Advisory Database 数据

29
已发布 CVE
154
安全公告
53
HIGH / CRITICAL
29/29
Pipeline 全部已发布
📋 CVE 列表 🔄 发布流水线 📢 安全公告 📊 漏洞分类 💡 关键洞察

📋 已发布 CVE(cvelistV5)

113
CVE ID严重性CVSS漏洞描述发布日期
CVE-2026-32038 🟣 CRITICAL 9.3 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter 2026-03-19
CVE-2026-28446 🟣 CRITICAL 9.2 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching 2026-03-05
CVE-2026-28470 🟣 CRITICAL 9.2 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes 2026-03-05
CVE-2026-28472 🟣 CRITICAL 9.2 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake 2026-03-05
CVE-2026-24763 🔴 HIGH 8.8 OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable 2026-02-02
CVE-2026-25253 🔴 HIGH 8.8 OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl 2026-02-01
CVE-2026-28461 🔴 HIGH 8.7 OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn 2026-03-19
CVE-2026-28462 🔴 HIGH 8.7 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths 2026-03-05
CVE-2026-28479 🔴 HIGH 8.7 OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration 2026-03-05
CVE-2026-29609 🔴 HIGH 8.7 OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch 2026-03-05
CVE-2026-28478 🔴 HIGH 8.7 OpenClaw affected by denial of service via unbounded webhook request body buffering 2026-03-05
CVE-2026-32011 🔴 HIGH 8.7 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing 2026-03-19
CVE-2026-32013 🔴 HIGH 8.7 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods 2026-03-19
CVE-2026-32060 🔴 HIGH 8.7 OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths 2026-03-11
CVE-2026-27001 🔴 HIGH 8.6 OpenClaw: Unsanitized CWD path injection into LLM prompts 2026-02-19
CVE-2026-28463 🔴 HIGH 8.6 OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist 2026-03-05
CVE-2026-32014 🔴 HIGH 8.6 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields 2026-03-19
CVE-2026-25593 🔴 HIGH 8.4 OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply 2026-02-06
CVE-2026-28450 🔴 HIGH 8.3 OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints 2026-03-05
CVE-2026-28453 🔴 HIGH 8.3 OpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive Extraction 2026-03-05
CVE-2026-31998 🔴 HIGH 8.3 OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds 2026-03-19
CVE-2026-32036 🔴 HIGH 8.3 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels 2026-03-19
CVE-2026-28392 🔴 HIGH 8.2 OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages 2026-03-05
CVE-2026-28454 🔴 HIGH 8.2 OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook 2026-03-05
CVE-2026-28464 🔴 HIGH 8.2 OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication 2026-03-05
CVE-2026-28469 🔴 HIGH 8.2 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting 2026-03-05
CVE-2026-28465 🔴 HIGH 8.2 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers 2026-03-05
CVE-2026-29611 🔴 HIGH 8.2 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling 2026-03-05
CVE-2026-32302 🔴 HIGH 8.1 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode 2026-03-12
CVE-2026-25157 🔴 HIGH 7.8 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand 2026-02-04
CVE-2026-27002 🔴 HIGH 7.7 OpenClaw: Docker container escape via unvalidated bind mount config injection 2026-02-19
CVE-2026-27487 🔴 HIGH 7.6 OpenClaw: Prevent shell injection in macOS keychain credential write 2026-02-21
CVE-2026-32005 🔴 HIGH 7.6 OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows 2026-03-19
CVE-2026-32007 🔴 HIGH 7.6 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass 2026-03-19
CVE-2026-25474 🔴 HIGH 7.5 OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass 2026-02-19
CVE-2026-26319 🔴 HIGH 7.5 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests 2026-02-19
CVE-2026-28485 🔴 HIGH 7.5 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints 2026-03-05
CVE-2026-32003 🔴 HIGH 7.5 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run 2026-03-19
CVE-2026-32025 🔴 HIGH 7.5 OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains 2026-03-19
CVE-2026-32041 🔴 HIGH 7.5 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap 2026-03-19
CVE-2026-28458 🔴 HIGH 7.4 OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access 2026-03-05
CVE-2026-32016 🔴 HIGH 7.3 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS 2026-03-19
CVE-2026-28473 🔴 HIGH 7.2 OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command 2026-03-05
CVE-2026-22169 🔴 HIGH 7.1 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins 2026-03-18
CVE-2026-22168 🔴 HIGH 7.1 OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run 2026-03-18
CVE-2026-26327 🔴 HIGH 7.1 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning 2026-02-19
CVE-2026-26329 🔴 HIGH 7.1 OpenClaw has a path traversal in browser upload allows local file read 2026-02-19
CVE-2026-26317 🔴 HIGH 7.1 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints 2026-02-19
CVE-2026-27522 🔴 HIGH 7.1 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions 2026-03-18
CVE-2026-27566 🔴 HIGH 7.1 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run 2026-03-19
CVE-2026-31992 🔴 HIGH 7.1 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S 2026-03-19
CVE-2026-29607 🔴 HIGH 7.1 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence 2026-03-19
CVE-2026-32008 🔴 HIGH 7.1 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard 2026-03-19
CVE-2026-32027 🔴 HIGH 7.1 OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist 2026-03-19
CVE-2026-22176 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation 2026-03-19
CVE-2026-22178 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata 2026-03-18
CVE-2026-22177 🟡 MEDIUM 6.9 OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars 2026-03-18
CVE-2026-27004 🟡 MEDIUM 6.9 OpenClaw session tool visibility hardening and Telegram webhook secret fallback 2026-02-19
CVE-2026-27003 🟡 MEDIUM 6.9 OpenClaw: Telegram bot token exposure via logs 2026-02-19
CVE-2026-27523 🟡 MEDIUM 6.9 OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths 2026-03-18
CVE-2026-27488 🟡 MEDIUM 6.9 OpenClaw hardened cron webhook delivery against SSRF 2026-02-21
CVE-2026-28394 🟡 MEDIUM 6.9 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool 2026-03-05
CVE-2026-28480 🟡 MEDIUM 6.9 OpenClaw Telegram allowlist authorization accepted mutable usernames 2026-03-05
CVE-2026-31994 🟡 MEDIUM 6.9 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation 2026-03-19
CVE-2026-32063 🟡 MEDIUM 6.9 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation 2026-03-11
CVE-2026-29612 🟡 MEDIUM 6.8 OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding 2026-03-05
CVE-2026-32024 🟡 MEDIUM 6.8 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling 2026-03-19
CVE-2026-26972 🟡 MEDIUM 6.7 OpenClaw has a Path Traversal in Browser Download Functionality 2026-02-19
CVE-2026-28452 🟡 MEDIUM 6.7 OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) 2026-03-05
CVE-2026-32061 🟡 MEDIUM 6.7 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal 2026-03-11
CVE-2026-25475 🟡 MEDIUM 6.5 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction 2026-02-04
CVE-2026-26328 🟡 MEDIUM 6.5 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities 2026-02-19
CVE-2026-22170 🟡 MEDIUM 6.3 OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty 2026-03-18
CVE-2026-28448 🟡 MEDIUM 6.3 OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control 2026-03-05
CVE-2026-28449 🟡 MEDIUM 6.3 OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing 2026-03-19
CVE-2026-28471 🟡 MEDIUM 6.3 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin 2026-03-05
CVE-2026-28475 🟡 MEDIUM 6.3 OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison 2026-03-05
CVE-2026-29606 🟡 MEDIUM 6.3 OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility 2026-03-05
CVE-2026-28476 🟡 MEDIUM 6.3 OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication 2026-03-05
CVE-2026-32029 🟡 MEDIUM 6.3 OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing 2026-03-19
CVE-2026-32028 🟡 MEDIUM 6.3 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress 2026-03-19
CVE-2026-32031 🟡 MEDIUM 6.3 OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch 2026-03-19
CVE-2026-32034 🟡 MEDIUM 6.1 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP 2026-03-19
CVE-2026-28460 🟡 MEDIUM 6 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run 2026-03-19
CVE-2026-32017 🟡 MEDIUM 6 OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist 2026-03-19
CVE-2026-32002 🟡 MEDIUM 6 OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images 2026-03-19
CVE-2026-32023 🟡 MEDIUM 6 OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run 2026-03-19
CVE-2026-32022 🟡 MEDIUM 6 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass 2026-03-19
CVE-2026-32033 🟡 MEDIUM 6 OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths 2026-03-19
CVE-2026-32039 🟡 MEDIUM 6 OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass 2026-03-19
CVE-2026-22174 🟡 MEDIUM 5.9 OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe 2026-03-18
CVE-2026-28481 🟡 MEDIUM 5.9 OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching 2026-03-05
CVE-2026-22217 🟡 MEDIUM 5.8 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback 2026-03-18
CVE-2026-27009 🟡 MEDIUM 5.8 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection 2026-02-19
CVE-2026-32000 🟡 MEDIUM 5.8 OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution 2026-03-19
CVE-2026-31999 🟡 MEDIUM 5.8 OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback 2026-03-19
CVE-2026-31995 🟡 MEDIUM 5.8 OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path 2026-03-19
CVE-2026-32010 🟡 MEDIUM 5.8 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter 2026-03-19
CVE-2026-29608 🟡 MEDIUM 5.4 OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting 2026-03-19
CVE-2026-32001 🟡 MEDIUM 5.3 OpenClaw's Node role device-identity bypass allows unauthorized node.event injection 2026-03-19
CVE-2026-22180 🟡 MEDIUM 4.8 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations 2026-03-18
CVE-2026-27576 🟡 MEDIUM 4.8 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs 2026-02-21
CVE-2026-32020 🟡 MEDIUM 4.8 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler 2026-03-19
CVE-2026-27485 🟡 MEDIUM 4.6 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection 2026-02-21
CVE-2026-27486 🟡 MEDIUM 4.3 OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup 2026-02-21
CVE-2026-24764 🟢 LOW 3.7 OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions 2026-02-19
CVE-2026-32040 🟢 LOW 2.4 OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation 2026-03-19
CVE-2026-27524 🟢 LOW 2.3 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path 2026-03-18
CVE-2026-27484 🟢 LOW 2.3 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows 2026-02-21
CVE-2026-32006 🟢 LOW 2.3 OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback 2026-03-19
CVE-2026-32019 🟢 LOW 2.3 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard 2026-03-19
CVE-2026-31991 🟢 LOW 2 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist 2026-03-19
CVE-2026-32018 🟢 LOW 2 OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations 2026-03-19

🔄 CVE 发布流水线

29/29 已发布
CVE ID状态CNAGHSA 发布日期cvelistV5
CVE-2026-22170 ✅ PUBLISHED VulnCheck 2026-03-04 ✅ 已收录
CVE-2026-24763 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25253 ✅ PUBLISHED mitre 2026-02-02 ✅ 已收录
CVE-2026-26317 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-26328 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-27523 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-27524 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-28449 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-28452 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28458 ✅ PUBLISHED VulnCheck 2026-02-17 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-31995 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32001 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32002 ✅ PUBLISHED VulnCheck 2026-03-04 ✅ 已收录
CVE-2026-32005 ✅ PUBLISHED VulnCheck 2026-03-04 ✅ 已收录
CVE-2026-32006 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32010 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32018 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32019 ✅ PUBLISHED VulnCheck 2026-03-04 ✅ 已收录
CVE-2026-32025 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32029 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32031 ✅ PUBLISHED VulnCheck 2026-03-12 ✅ 已收录
CVE-2026-32033 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32039 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32302 ✅ PUBLISHED GitHub_M 2026-03-12 ✅ 已收录
CVE-2026-32302 ✅ PUBLISHED | [GHSA-qcc4-p59m-p54m](https://github.com/advisories/GHSA-qcc4-p59m-p54m) 2026-03-12 ✅ 已收录
CVE-2026-32005 ✅ PUBLISHED | [GHSA-3jx4-q2m7-r496](https://github.com/advisories/GHSA-3jx4-q2m7-r496) 2026-03-04 ✅ 已收录
CVE-2026-27523 ✅ PUBLISHED | [GHSA-4gc7-qcvf-38wg](https://github.com/advisories/GHSA-4gc7-qcvf-38wg) 2026-03-03 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED | [GHSA-3fqr-4cg8-h96q](https://github.com/advisories/GHSA-3fqr-4cg8-h96q) 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED | [GHSA-mr32-vwc2-5j6h](https://github.com/advisories/GHSA-mr32-vwc2-5j6h) 2026-02-18 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED | [GHSA-g8p2-7wf7-98mq](https://github.com/advisories/GHSA-g8p2-7wf7-98mq) 2026-02-02 ✅ 已收录
CVE-2026-24763 ✅ PUBLISHED | [GHSA-r2c6-8jc8-g32w](https://github.com/advisories/GHSA-r2c6-8jc8-g32w) 2026-02-02 ✅ 已收录
CVE-2026-32031 ✅ PUBLISHED | [GHSA-v8cg-4474-49v8](https://github.com/advisories/GHSA-v8cg-4474-49v8) 2026-03-12 ✅ 已收录
CVE-2026-22170 ✅ PUBLISHED | [GHSA-q6qf-4p5j-r25g](https://github.com/advisories/GHSA-q6qf-4p5j-r25g) 2026-03-04 ✅ 已收录
CVE-2026-32019 ✅ PUBLISHED | [GHSA-jjgj-cpp9-cvpv](https://github.com/advisories/GHSA-jjgj-cpp9-cvpv) 2026-03-04 ✅ 已收录
CVE-2026-32018 ✅ PUBLISHED | [GHSA-rv2q-f2h5-6xmg](https://github.com/advisories/GHSA-rv2q-f2h5-6xmg) 2026-03-03 ✅ 已收录
CVE-2026-31995 ✅ PUBLISHED | [GHSA-wpph-cjgr-7c39](https://github.com/advisories/GHSA-wpph-cjgr-7c39) 2026-03-03 ✅ 已收录
CVE-2026-28449 ✅ PUBLISHED | [GHSA-25pw-4h6w-qwvm](https://github.com/advisories/GHSA-25pw-4h6w-qwvm) 2026-03-03 ✅ 已收录
CVE-2026-32025 ✅ PUBLISHED | [GHSA-2rgf-hm63-5qph](https://github.com/advisories/GHSA-2rgf-hm63-5qph) 2026-03-03 ✅ 已收录
CVE-2026-32033 ✅ PUBLISHED | [GHSA-534w-2vm4-89xr](https://github.com/advisories/GHSA-534w-2vm4-89xr) 2026-03-03 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED | [GHSA-h89v-j3x9-8wqj](https://github.com/advisories/GHSA-h89v-j3x9-8wqj) 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED | [GHSA-g34w-4xqq-h79m](https://github.com/advisories/GHSA-g34w-4xqq-h79m) 2026-02-18 ✅ 已收录
CVE-2026-27524 ✅ PUBLISHED | [GHSA-8mf7-vv8w-hjr2](https://github.com/advisories/GHSA-8mf7-vv8w-hjr2) 2026-03-03 ✅ 已收录

📢 安全公告精选

154+
GHSA-rqpp-rjj CRITICAL
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
2026-03-13
GHSA-4jpw-hj2 CRITICAL
OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
2026-03-13
GHSA-xw77-45g CRITICAL
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
2026-03-13
GHSA-pfv5-rpc HIGH
Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
2026-03-19
GHSA-g2f6-pwv HIGH
OpneClaw accepts unsanitized iMessage attachment paths which allowed SCP remote-path command injection
2026-03-16
GHSA-jq3f-vjw HIGH
OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion
2026-03-16
GHSA-63f5-hhc HIGH
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
2026-03-16
GHSA-g353-mgv HIGH
OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured
2026-03-13
GHSA-2rqg-gjg HIGH
OpenClaw: Gateway `agent` calls could override the workspace boundary
2026-03-13
GHSA-wcxr-59v HIGH
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
2026-03-13
GHSA-99qw-6mr HIGH
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
2026-03-13
GHSA-r7vr-gr7 HIGH
OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces
2026-03-13

📊 漏洞分类

白名单绕过 (Allowlist Bypass)
60
注入攻击 (XSS/CSRF/Prompt/Command)
34
认证绕过 / 缺失认证
10
SSRF
5
拒绝服务 (DoS)
6
路径穿越 (CWE-22)
3
原型污染 (Prototype Pollution)
1

💡 关键洞察

📈
6.8
平均 CVSS 评分
🔴
183%
HIGH 及以上漏洞占比
100%
CVE 已发布到 cvelistV5
🛡️
100%
已提供修复版本
🏢
3
CNA 来源 (VulnCheck / GitHub / MITRE)
📦
npm
受影响包 (openclaw)