openclaw
560 tracked vulnerabilities.
CVE-2026-62200
HIGH
OpenClaw < 2026.6.6 Authentication Bypass via Git ext transport
Jul 13, 2026
CVSS 8.8
CVE-2026-62199
HIGH
OpenClaw < 2026.6.6 Authentication Bypass via Environment Filtering
Jul 13, 2026
CVSS 8.8
CVE-2026-62198
MEDIUM
OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search
Jul 13, 2026
CVSS 4.3
CVE-2026-62197
HIGH
OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
Jul 13, 2026
CVSS 8.5
CVE-2026-62196
HIGH
OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs
Jul 13, 2026
CVSS 8.3
CVE-2026-62195
HIGH
OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback
Jul 13, 2026
CVSS 8.3
CVE-2026-62194
HIGH
OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
Jul 13, 2026
CVSS 8.8
CVE-2026-62193
MEDIUM
OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install
Jul 13, 2026
CVSS 4.9
CVE-2026-62192
HIGH
OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62191
HIGH
OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations
Jul 13, 2026
CVSS 7.1
CVE-2026-62190
HIGH
OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper
Jul 13, 2026
CVSS 8.8
CVE-2026-62189
HIGH
OpenClaw < 2026.6.9 Symlink Following via Mirror Sync
Jul 13, 2026
CVSS 7.1
CVE-2026-62188
HIGH
OpenClaw < 2026.6.9 Feishu Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62187
HIGH
OpenClaw < 2026.6.9 Feishu tools Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62186
HIGH
OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override
Jul 13, 2026
CVSS 7.6
CVE-2026-59261
HIGH
OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files
Jul 08, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53866
HIGH
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53865
HIGH
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53864
HIGH
OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53863
HIGH
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53862
MEDIUM
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
Jun 16, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-53861
MEDIUM
OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS
Jun 16, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-53860
MEDIUM
OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles
Jun 16, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-53859
MEDIUM
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency
Jun 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-53858
HIGH
OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable
Jun 16, 2026
CVSS 7.1
EPSS 0.00
Products
Quick Filters