openclaw

560 tracked vulnerabilities.

CVE-2026-62200 HIGH
OpenClaw < 2026.6.6 Authentication Bypass via Git ext transport
Jul 13, 2026
CVSS 8.8
CVE-2026-62199 HIGH
OpenClaw < 2026.6.6 Authentication Bypass via Environment Filtering
Jul 13, 2026
CVSS 8.8
CVE-2026-62198 MEDIUM
OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search
Jul 13, 2026
CVSS 4.3
CVE-2026-62197 HIGH
OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
Jul 13, 2026
CVSS 8.5
CVE-2026-62196 HIGH
OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs
Jul 13, 2026
CVSS 8.3
CVE-2026-62195 HIGH
OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback
Jul 13, 2026
CVSS 8.3
CVE-2026-62194 HIGH
OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
Jul 13, 2026
CVSS 8.8
CVE-2026-62193 MEDIUM
OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install
Jul 13, 2026
CVSS 4.9
CVE-2026-62192 HIGH
OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62191 HIGH
OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations
Jul 13, 2026
CVSS 7.1
CVE-2026-62190 HIGH
OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper
Jul 13, 2026
CVSS 8.8
CVE-2026-62189 HIGH
OpenClaw < 2026.6.9 Symlink Following via Mirror Sync
Jul 13, 2026
CVSS 7.1
CVE-2026-62188 HIGH
OpenClaw < 2026.6.9 Feishu Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62187 HIGH
OpenClaw < 2026.6.9 Feishu tools Authorization Bypass
Jul 13, 2026
CVSS 8.1
CVE-2026-62186 HIGH
OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override
Jul 13, 2026
CVSS 7.6
CVE-2026-59261 HIGH
OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files
Jul 08, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53866 HIGH
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53865 HIGH
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53864 HIGH
OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53863 HIGH
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53862 MEDIUM
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
Jun 16, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-53861 MEDIUM
OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS
Jun 16, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-53860 MEDIUM
OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles
Jun 16, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-53859 MEDIUM
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency
Jun 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-53858 HIGH
OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable
Jun 16, 2026
CVSS 7.1
EPSS 0.00