Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / openclaw

openclaw

477 tracked vulnerabilities.

CVE-2026-32001 MEDIUM

OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

CVE-2026-32000 HIGH

OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution

CVE-2026-31999 MEDIUM

OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback

CVE-2026-31998 HIGH

OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds

CVE-2026-31997 MEDIUM

OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals

CVE-2026-31996 MEDIUM

OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags

CVE-2026-31995 MEDIUM

OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension

CVE-2026-31994 HIGH

OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

CVE-2026-31993 MEDIUM

OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

CVE-2026-31992 HIGH

OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

CVE-2026-31991 LOW

OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

CVE-2026-31990 MEDIUM

OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination

CVE-2026-31989 HIGH

OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect

CVE-2026-29608 MEDIUM

OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting

CVE-2026-29607 MEDIUM

OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence

CVE-2026-28461 HIGH

OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn

CVE-2026-28460 HIGH

OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

CVE-2026-28449 MEDIUM

OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression

CVE-2026-27670 MEDIUM

OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition

CVE-2026-27566 HIGH

OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run

CVE-2026-22176 MEDIUM

OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

CVE-2026-27545 MEDIUM

OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind

CVE-2026-27524 MEDIUM

OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path

CVE-2026-27523 MEDIUM

OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths

CVE-2026-27522 MEDIUM

OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

Previous Page 15 of 20 Next

Products

openclaw 447 OpenClaw 383 crabbox 5 voice-call 2 bluebubbles 1 openclaw\/voice-call 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy