Updated automatically every day

🛡️ UCloud OpenClaw CVEs

Security vulnerability tracking dashboard, built on cvelistV5 and GitHub Advisory Database data

- 17 published CVEs
- 142 security advisories
- 33 HIGH / CRITICAL
- 17/17 pipeline entries published

📋 Published CVEs (cvelistV5)

110 entries

| CVE ID | Severity | CVSS | Description | Published |
|---|---|---|---|---|
| CVE-2026-32922 | 🟣 CRITICAL | 9.4 | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate | 2026-03-29 |
| CVE-2026-32915 | 🟣 CRITICAL | 9.3 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface | 2026-03-29 |
| CVE-2026-32987 | 🟣 CRITICAL | 9.3 | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing | 2026-03-29 |
| CVE-2026-28446 | 🟣 CRITICAL | 9.2 | OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching | 2026-03-05 |
| CVE-2026-25253 | 🔴 HIGH | 8.8 | OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl | 2026-02-01 |
| CVE-2026-24763 | 🔴 HIGH | 8.8 | OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable | 2026-02-02 |
| CVE-2026-32974 | 🔴 HIGH | 8.8 | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token | 2026-03-29 |
| CVE-2026-41296 | 🔴 HIGH | 8.8 | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile | 2026-04-20 |
| CVE-2026-28479 | 🔴 HIGH | 8.7 | OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration | 2026-03-05 |
| CVE-2026-28478 | 🔴 HIGH | 8.7 | OpenClaw affected by denial of service via unbounded webhook request body buffering | 2026-03-05 |
| CVE-2026-29609 | 🔴 HIGH | 8.7 | OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch | 2026-03-05 |
| CVE-2026-32042 | 🔴 HIGH | 8.7 | OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication | 2026-03-21 |
| CVE-2026-32982 | 🔴 HIGH | 8.7 | OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs | 2026-03-31 |
| CVE-2026-32059 | 🔴 HIGH | 8.7 | OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins | 2026-03-11 |
| CVE-2026-33573 | 🔴 HIGH | 8.7 | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters | 2026-03-29 |
| CVE-2026-35639 | 🔴 HIGH | 8.7 | OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation | 2026-04-09 |
| CVE-2026-35669 | 🔴 HIGH | 8.7 | OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope | 2026-04-10 |
| CVE-2026-35663 | 🔴 HIGH | 8.7 | OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim | 2026-04-10 |
| CVE-2026-33575 | 🔴 HIGH | 8.6 | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes | 2026-03-29 |
| CVE-2026-34503 | 🔴 HIGH | 8.6 | OpenClaw < 2026.3.28 - Incomplete WebSocket Session Termination on Device Removal and Token Revocation | 2026-03-31 |
| CVE-2026-32064 | 🔴 HIGH | 8.5 | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer | 2026-03-21 |
| CVE-2026-35625 | 🔴 HIGH | 8.5 | OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect | 2026-04-09 |
| CVE-2026-41295 | 🔴 HIGH | 8.5 | OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup | 2026-04-20 |
| CVE-2026-28393 | 🔴 HIGH | 8.3 | OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal | 2026-03-05 |
| CVE-2026-28464 | 🔴 HIGH | 8.2 | OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication | 2026-03-05 |
| CVE-2026-28469 | 🔴 HIGH | 8.2 | OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting | 2026-03-05 |
| CVE-2026-25157 | 🔴 HIGH | 7.8 | OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand | 2026-02-04 |
| CVE-2026-32056 | 🔴 HIGH | 7.7 | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run | 2026-03-21 |
| CVE-2026-27487 | 🔴 HIGH | 7.6 | OpenClaw: Prevent shell injection in macOS keychain credential write | 2026-02-21 |
| CVE-2026-26324 | 🔴 HIGH | 7.5 | OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) | 2026-02-19 |
| CVE-2026-25474 | 🔴 HIGH | 7.5 | OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass | 2026-02-19 |
| CVE-2026-26316 | 🔴 HIGH | 7.5 | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust | 2026-02-19 |
| CVE-2026-26319 | 🔴 HIGH | 7.5 | OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests | 2026-02-19 |
| CVE-2026-28485 | 🔴 HIGH | 7.5 | OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints | 2026-03-05 |
| CVE-2026-28458 | 🔴 HIGH | 7.4 | OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access | 2026-03-05 |
| CVE-2026-41342 | 🔴 HIGH | 7.4 | OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding | 2026-04-23 |
| CVE-2026-35660 | 🔴 HIGH | 7.2 | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset | 2026-04-10 |
| CVE-2026-22175 | 🔴 HIGH | 7.1 | OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers | 2026-03-18 |
| CVE-2026-26320 | 🔴 HIGH | 7.1 | OpenClaw macOS deep link confirmation truncation can conceal executed agent message | 2026-02-19 |
| CVE-2026-22169 | 🔴 HIGH | 7.1 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins | 2026-03-18 |
| CVE-2026-26317 | 🔴 HIGH | 7.1 | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints | 2026-02-19 |
| CVE-2026-29607 | 🔴 HIGH | 7.1 | OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence | 2026-03-19 |
| CVE-2026-32027 | 🔴 HIGH | 7.1 | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | 2026-03-19 |
| CVE-2026-35644 | 🔴 HIGH | 7.1 | OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots | 2026-04-09 |
| CVE-2026-40037 | 🔴 HIGH | 7.1 | OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects | 2026-04-08 |
| CVE-2026-41334 | 🔴 HIGH | 7.1 | OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass | 2026-04-23 |
| CVE-2026-22178 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata | 2026-03-18 |
| CVE-2026-27004 | 🟡 MEDIUM | 6.9 | OpenClaw session tool visibility hardening and Telegram webhook secret fallback | 2026-02-19 |
| CVE-2026-28394 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool | 2026-03-05 |
| CVE-2026-28480 | 🟡 MEDIUM | 6.9 | OpenClaw Telegram allowlist authorization accepted mutable usernames | 2026-03-05 |
| CVE-2026-32063 | 🟡 MEDIUM | 6.9 | OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation | 2026-03-11 |
| CVE-2026-35637 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.22 - Premature Cite Expansion Before Authorization in Channel and DM | 2026-04-09 |
| CVE-2026-35655 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution | 2026-04-10 |
| CVE-2026-35627 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.22 - Unauthenticated Cryptographic Work in Nostr Inbound DM Handling | 2026-04-09 |
| CVE-2026-35665 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing | 2026-04-10 |
| CVE-2026-35633 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses | 2026-04-09 |
| CVE-2026-41300 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding | 2026-04-20 |
| CVE-2026-41301 | 🟡 MEDIUM | 6.9 | OpenClaw: Forged Nostr DMs could create pairing state before signature verification | 2026-04-20 |
| CVE-2026-41343 | 🟡 MEDIUM | 6.9 | OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency | 2026-04-23 |
| CVE-2026-28486 | 🟡 MEDIUM | 6.8 | OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extraction via Installation Commands | 2026-03-05 |
| CVE-2026-29612 | 🟡 MEDIUM | 6.8 | OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding | 2026-03-05 |
| CVE-2026-32024 | 🟡 MEDIUM | 6.8 | OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling | 2026-03-19 |
| CVE-2026-28452 | 🟡 MEDIUM | 6.7 | OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) | 2026-03-05 |
| CVE-2026-32061 | 🟡 MEDIUM | 6.7 | OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal | 2026-03-11 |
| CVE-2026-32044 | 🟡 MEDIUM | 6.7 | OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation | 2026-03-21 |
| CVE-2026-25475 | 🟡 MEDIUM | 6.5 | OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction | 2026-02-04 |
| CVE-2026-26328 | 🟡 MEDIUM | 6.5 | OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities | 2026-02-19 |
| CVE-2026-28475 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison | 2026-03-05 |
| CVE-2026-32031 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | 2026-03-19 |
| CVE-2026-32897 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback | 2026-03-21 |
| CVE-2026-35623 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting | 2026-04-09 |
| CVE-2026-33580 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.28 - Brute Force Attack via Missing Rate Limiting on Webhook Shared Secret Authentication | 2026-03-31 |
| CVE-2026-35635 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat | 2026-04-09 |
| CVE-2026-35656 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter | 2026-04-10 |
| CVE-2026-41337 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay | 2026-04-23 |
| CVE-2026-41351 | 🟡 MEDIUM | 6.3 | OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding | 2026-04-23 |
| CVE-2026-22181 | 🟡 MEDIUM | 6.1 | OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch | 2026-03-18 |
| CVE-2026-32034 | 🟡 MEDIUM | 6.1 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP | 2026-03-19 |
| CVE-2026-35645 | 🟡 MEDIUM | 6.1 | OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession | 2026-04-09 |
| CVE-2026-32002 | 🟡 MEDIUM | 6 | OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass | 2026-03-19 |
| CVE-2026-41345 | 🟡 MEDIUM | 6 | OpenClaw < 2026.3.31 - Authorization Header Leak via Cross-Origin Redirect in Media Download | 2026-04-23 |
| CVE-2026-40045 | 🟡 MEDIUM | 5.9 | OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws:// | 2026-04-20 |
| CVE-2026-32010 | 🟡 MEDIUM | 5.8 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter | 2026-03-19 |
| CVE-2026-27670 | 🟡 MEDIUM | 5.8 | OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition | 2026-03-19 |
| CVE-2026-32035 | 🟡 MEDIUM | 5.8 | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | 2026-03-19 |
| CVE-2026-32977 | 🟡 MEDIUM | 5.8 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path | 2026-03-31 |
| CVE-2026-33574 | 🟡 MEDIUM | 5.8 | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download | 2026-03-29 |
| CVE-2026-32065 | 🟡 MEDIUM | 5.7 | OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution | 2026-03-21 |
| CVE-2026-32001 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication | 2026-03-19 |
| CVE-2026-32898 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata | 2026-03-21 |
| CVE-2026-32895 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers | 2026-03-21 |
| CVE-2026-35642 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass | 2026-04-09 |
| CVE-2026-35651 | 🟡 MEDIUM | 5.3 | OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt | 2026-04-10 |
| CVE-2026-41298 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | 2026-04-20 |
| CVE-2026-41339 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot | 2026-04-23 |
| CVE-2026-41344 | 🟡 MEDIUM | 5.3 | OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter | 2026-04-23 |
| CVE-2026-35634 | 🟡 MEDIUM | 5.1 | OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway | 2026-04-09 |
| CVE-2026-35659 | 🟡 MEDIUM | 5.1 | OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery | 2026-04-10 |
| CVE-2026-27007 | 🟡 MEDIUM | 4.8 | OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation | 2026-02-19 |
| CVE-2026-31997 | 🟡 MEDIUM | 4.4 | OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals | 2026-03-19 |
| CVE-2026-27486 | 🟡 MEDIUM | 4.3 | OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup | 2026-02-21 |
| CVE-2026-24764 | 🟢 LOW | 3.7 | OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions | 2026-02-19 |
| CVE-2026-32040 | 🟢 LOW | 2.4 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation | 2026-03-19 |
| CVE-2026-32006 | 🟢 LOW | 2.3 | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist | 2026-03-19 |
| CVE-2026-32037 | 🟢 LOW | 2.3 | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling | 2026-03-19 |
| CVE-2026-35617 | 🟢 LOW | 2.3 | OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName | 2026-04-09 |
| CVE-2026-41348 | 🟢 LOW | 2.3 | OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands | 2026-04-23 |
| CVE-2026-41356 | 🟢 LOW | 2.3 | OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate | 2026-04-23 |
| CVE-2026-32018 | 🟢 LOW | 2 | OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations | 2026-03-19 |
| CVE-2026-32067 | 🟢 LOW | 2 | OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store | 2026-03-21 |

🔄 CVE Publication Pipeline

17/17 published

| CVE ID | Status | CNA | GHSA | Published | cvelistV5 |
|---|---|---|---|---|---|
| CVE-2026-24763 | ✅ PUBLISHED | GitHub_M | [GHSA-r2c6-8jc8-g32w](https://github.com/advisories/GHSA-r2c6-8jc8-g32w) | 2026-02-02 | ✅ Indexed |
| CVE-2026-25157 | ✅ PUBLISHED | GitHub_M | [GHSA-g8p2-7wf7-98mq](https://github.com/advisories/GHSA-g8p2-7wf7-98mq) | 2026-02-02 | ✅ Indexed |
| CVE-2026-25253 | ✅ PUBLISHED | mitre | | 2026-02-02 | ✅ Indexed |
| CVE-2026-26317 | ✅ PUBLISHED | GitHub_M | | 2026-02-18 | ✅ Indexed |
| CVE-2026-26328 | ✅ PUBLISHED | GitHub_M | | 2026-02-18 | ✅ Indexed |
| CVE-2026-28452 | ✅ PUBLISHED | VulnCheck | | 2026-02-18 | ✅ Indexed |
| CVE-2026-28458 | ✅ PUBLISHED | VulnCheck | | 2026-02-17 | ✅ Indexed |
| CVE-2026-28469 | ✅ PUBLISHED | VulnCheck | [GHSA-3fqr-4cg8-h96q](https://github.com/advisories/GHSA-3fqr-4cg8-h96q) | 2026-02-18 | ✅ Indexed |
| CVE-2026-28478 | ✅ PUBLISHED | VulnCheck | [GHSA-mr32-vwc2-5j6h](https://github.com/advisories/GHSA-mr32-vwc2-5j6h) | 2026-02-18 | ✅ Indexed |
| CVE-2026-28480 | ✅ PUBLISHED | VulnCheck | [GHSA-h89v-j3x9-8wqj](https://github.com/advisories/GHSA-h89v-j3x9-8wqj) | 2026-02-18 | ✅ Indexed |
| CVE-2026-29612 | ✅ PUBLISHED | VulnCheck | [GHSA-g34w-4xqq-h79m](https://github.com/advisories/GHSA-g34w-4xqq-h79m) | 2026-02-18 | ✅ Indexed |
| CVE-2026-40037 | ✅ PUBLISHED | VulnCheck | [GHSA-5wj5-87vq-39xm](https://github.com/advisories/GHSA-5wj5-87vq-39xm) | 2026-04-09 | ✅ Indexed |
| CVE-2026-40045 | ✅ PUBLISHED | VulnCheck | [GHSA-2qrv-rc5x-2g2h](https://github.com/advisories/GHSA-2qrv-rc5x-2g2h) | 2026-04-07 | ✅ Indexed |
| CVE-2026-41295 | ✅ PUBLISHED | VulnCheck | | 2026-04-07 | ✅ Indexed |
| CVE-2026-41298 | ✅ PUBLISHED | VulnCheck | [GHSA-h43v-27wg-5mf9](https://github.com/advisories/GHSA-h43v-27wg-5mf9) | 2026-04-07 | ✅ Indexed |
| CVE-2026-41301 | ✅ PUBLISHED | VulnCheck | | 2026-04-07 | ✅ Indexed |
| CVE-2026-6011 | ✅ PUBLISHED | | [GHSA-5f7h-p83x-5vc2](https://github.com/advisories/GHSA-5f7h-p83x-5vc2) | 2026-04-10 | ✅ Indexed |

📢 Selected Security Advisories

142+ advisories

- GHSA-xh72-v6v CRITICAL: OpenClaw: Feishu webhook and card-action validation now fail closed (2026-04-17)
- OpenClaw: Webchat media embedding enforces local-root containment for tool-result files (2026-04-17)
- OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries (2026-04-17)
- OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation (2026-04-17)
- OpenClaw: QQBot media tags could read arbitrary local files through reply text (2026-04-17)
- OpenClaw: busybox and toybox applet execution weakened exec approval binding (2026-04-17)
- OpenClaw: Matrix profile config persistence was reachable from operator.write message tools (2026-04-17)
- OpenClaw: Sandboxed agents could escape exec routing via host=node override (2026-04-17)
- OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins (2026-04-17)
- OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0 (2026-04-17)
- OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows (2026-04-17)
- OpenClaw: Exec environment denylist missed high-risk interpreter startup variables (2026-04-17)

📊 Vulnerability Categories

| Category | Count |
|---|---|
| Allowlist bypass | 60 |
| Injection (XSS/CSRF/Prompt/Command) | 34 |
| Authentication bypass / missing authentication | 10 |
| SSRF | 5 |
| Denial of service (DoS) | 6 |
| Path traversal (CWE-22) | 3 |
| Prototype pollution | 1 |

💡 Key Insights

- 📈 6.7 average CVSS score
- 🔴 194% share of vulnerabilities rated HIGH or above
- 100% of CVEs published to cvelistV5
- 🛡️ 100% with a fixed version provided
- 🏢 3 CNA sources (VulnCheck / GitHub / MITRE)
- 📦 npm: affected package (openclaw)