openclaw
560 tracked vulnerabilities.
CVE-2026-32035
MEDIUM
OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler
Mar 19, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32034
HIGH
OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP
Mar 19, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32033
MEDIUM
OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32032
HIGH
OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32031
MEDIUM
OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway
Mar 19, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-32030
HIGH
OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32029
MEDIUM
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32028
MEDIUM
OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32027
MEDIUM
OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32026
MEDIUM
OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32025
HIGH
OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32024
MEDIUM
OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
Mar 19, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-32023
HIGH
OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32022
MEDIUM
OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32021
MEDIUM
OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32020
LOW
OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
Mar 19, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-32019
HIGH
OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
Mar 19, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-32018
LOW
OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations
Mar 19, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32017
HIGH
OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32016
HIGH
OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32015
HIGH
OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32014
HIGH
OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields
Mar 19, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-32013
HIGH
OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods
Mar 19, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32011
HIGH
OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32010
MEDIUM
OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
Mar 19, 2026
CVSS 6.3
EPSS 0.00
Products
Quick Filters