openclaw

560 tracked vulnerabilities.

CVE-2026-32065 MEDIUM
OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution
Mar 21, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-32064 HIGH
OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer
Mar 21, 2026
CVSS 7.7
EPSS 0.01
CVE-2026-32058 LOW
OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node
Mar 21, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-32057 HIGH
OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter
Mar 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32056 HIGH
OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run
Mar 21, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32055 HIGH
OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink
Mar 21, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-32054 MEDIUM
OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling
Mar 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32053 MEDIUM
OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization
Mar 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32052 MEDIUM
OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers
Mar 21, 2026
CVSS 6.4
EPSS 0.01
CVE-2026-32051 HIGH
OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access
Mar 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-32050 LOW
OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass
Mar 21, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32049 HIGH
OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass
Mar 21, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32048 HIGH
OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn
Mar 21, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32046 MEDIUM
OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag
Mar 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32045 MEDIUM
OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth
Mar 21, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32044 MEDIUM
OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation
Mar 21, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-32043 MEDIUM
OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter
Mar 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32042 HIGH
OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication
Mar 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-22172 CRITICAL
OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections
Mar 20, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-32041 MEDIUM
OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap
Mar 19, 2026
CVSS 6.9
EPSS 0.00
CVE-2026-32040 MEDIUM
OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation
Mar 19, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-32039 MEDIUM
OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender
Mar 19, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32038 CRITICAL
OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
Mar 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-32037 MEDIUM
OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling
Mar 19, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-32036 MEDIUM
OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels
Mar 19, 2026
CVSS 6.5
EPSS 0.00