openclaw

477 tracked vulnerabilities.

| CVE | Severity | Title | Date | CVSS | EPSS |
|---|---|---|---|---|---|
| CVE-2026-29609 | HIGH | OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-Backed Media Fetch | Mar 05, 2026 | 7.5 | 0.00 |
| CVE-2026-29606 | MEDIUM | OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility | Mar 05, 2026 | 6.5 | 0.00 |
| CVE-2026-28486 | MEDIUM | OpenClaw 2026.1.16-2 - Path Traversal | Mar 05, 2026 | 6.1 | 0.00 |
| CVE-2026-28485 | HIGH | OpenClaw 2026.1.5-2026.2.12 - Auth Bypass | Mar 05, 2026 | 8.4 | 0.00 |
| CVE-2026-28482 | HIGH | OpenClaw <2026.2.12 - Path Traversal | Mar 05, 2026 | 7.1 | 0.00 |
| CVE-2026-28481 | MEDIUM | OpenClaw <2026.1.30 - Info Disclosure | Mar 05, 2026 | 6.5 | 0.00 |
| CVE-2026-28480 | MEDIUM | OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing | Mar 05, 2026 | 6.5 | 0.00 |
| CVE-2026-28479 | HIGH | OpenClaw <2026.2.15 - Cache Poisoning | Mar 05, 2026 | 7.5 | 0.00 |
| CVE-2026-28478 | HIGH | OpenClaw < 2026.2.13 - Unauthenticated Denial of Service via Webhook Request Body Buffering | Mar 05, 2026 | 7.5 | 0.00 |
| CVE-2026-28477 | HIGH | OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass | Mar 05, 2026 | 7.1 | 0.00 |
| CVE-2026-28476 | HIGH | OpenClaw < 2026.2.14 - Server-Side Request Forgery via Tlon Urbit Extension Authentication | Mar 05, 2026 | 8.3 | 0.00 |
| CVE-2026-28475 | MEDIUM | OpenClaw <2026.2.13 - Info Disclosure | Mar 05, 2026 | 4.8 | 0.00 |
| CVE-2026-28474 | CRITICAL | OpenClaw Nextcloud Talk <2026.2.6 - Auth Bypass | Mar 05, 2026 | 9.8 | 0.00 |
| CVE-2026-28473 | HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command | Mar 05, 2026 | 8.1 | 0.00 |
| CVE-2026-28472 | HIGH | OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake | Mar 05, 2026 | 8.1 | 0.00 |
| CVE-2026-28471 | MEDIUM | OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching | Mar 05, 2026 | 5.3 | 0.00 |
| CVE-2026-28470 | CRITICAL | OpenClaw <2026.2.2 - Command Injection | Mar 05, 2026 | 9.8 | 0.00 |
| CVE-2026-28469 | HIGH | OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity | Mar 05, 2026 | 7.5 | 0.00 |
| CVE-2026-28468 | HIGH | OpenClaw 2026.1.29-beta.1-2026.2.14 - Unauthenticated Browser Control Endpoint Access via Sandbox Bridge Server | Mar 05, 2026 | 7.7 | 0.00 |
| CVE-2026-28467 | MEDIUM | OpenClaw < 2026.2.2 - Server-Side Request Forgery via Attachment and Media URL Hydration | Mar 05, 2026 | 6.5 | 0.00 |
| CVE-2026-28466 | CRITICAL | OpenClaw <2026.2.14 - Command Injection | Mar 05, 2026 | 9.9 | 0.00 |
| CVE-2026-28465 | MEDIUM | OpenClaw voice-call <2026.2.3 - Auth Bypass | Mar 05, 2026 | 5.9 | 0.00 |
| CVE-2026-28464 | MEDIUM | OpenClaw <2026.2.12 - Info Disclosure | Mar 05, 2026 | 5.9 | 0.00 |
| CVE-2026-28463 | HIGH | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Exec-Approval Allowlist | Mar 05, 2026 | 8.4 | 0.00 |
| CVE-2026-28462 | HIGH | OpenClaw <2026.2.13 - Path Traversal | Mar 05, 2026 | 7.5 | 0.00 |
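The titles above encode the affected versions in three shapes: an exclusive upper bound ("OpenClaw <2026.2.12"), an inclusive range ("OpenClaw 2026.1.5-2026.2.12", with a lower bound that may itself carry a suffix such as "2026.1.29-beta.1"), and a single release ("OpenClaw 2026.1.16-2"), sometimes prefixed with a component name ("Nextcloud Talk", "voice-call"). The triage helper below is an added example, not code from this tracker or from the OpenClaw project: it parses that title format and lists which entries cover the version you run. It assumes things the page does not state: that base versions are calendar-style YEAR.MONTH.DAY and compare numerically, that a word suffix like "-beta.1" is a pre-release sorting below its base version, that a bare numeric suffix like "-2" is a follow-up release sorting above its base, and that "lo-hi" ranges are inclusive at both ends. The sample rows are copied from the listing on this page; confirm the real affected ranges against each advisory before acting on the output.

```python
"""Which entries in an OpenClaw CVE listing cover an installed version?

Added example (not the tracker's or OpenClaw's code). Ordering assumptions,
not stated on the page: numeric calendar base versions; "-beta.N" sorts below
its base; a bare numeric suffix ("-2") sorts above its base; "lo-hi" is inclusive.
"""
import re
from dataclasses import dataclass
from typing import Optional

TITLE_RE = re.compile(
    r"^OpenClaw"
    r"(?:\s+(?P<component>[A-Za-z][\w -]*?))?"   # e.g. "Nextcloud Talk", "voice-call"
    r"\s*(?:<\s*(?P<lt>\d[\w.\-]*)|(?P<ver>\d[\w.\-]*))"
    r"\s+-\s+(?P<summary>.+)$"
)
# "lo-hi" where hi looks like a calendar version; lo may carry its own suffix.
RANGE_RE = re.compile(r"^(?P<lo>.+?)-(?P<hi>\d{4}\.\d+\.\d+)$")


def version_key(v: str):
    """Sort key implementing the ordering assumptions in the module docstring."""
    base, _, suffix = v.partition("-")
    nums = tuple(int(x) for x in base.split("."))
    if not suffix:
        return (nums, 1, ())
    toks = suffix.replace("-", ".").split(".")
    rank = 2 if toks[0].isdigit() else 0        # numeric suffix: later; word: pre-release
    return (nums, rank, tuple((1, int(t)) if t.isdigit() else (0, t) for t in toks))


@dataclass
class Entry:
    cve: str
    component: Optional[str]   # None = core OpenClaw
    lo: Optional[str]          # inclusive lower bound, None = unbounded
    hi: Optional[str]          # upper bound, None = unbounded
    hi_inclusive: bool
    summary: str
    cvss: float

    def affects(self, installed: str) -> bool:
        k = version_key(installed)
        if self.lo is not None and k < version_key(self.lo):
            return False
        if self.hi is not None:
            hk = version_key(self.hi)
            return k <= hk if self.hi_inclusive else k < hk
        return True


def parse_entry(cve: str, title: str, cvss: float) -> Entry:
    m = TITLE_RE.match(title)
    if not m:
        raise ValueError(f"unrecognised title format: {title!r}")
    comp = m.group("component").strip() if m.group("component") else None
    if m.group("lt"):                      # "OpenClaw <2026.2.12 - ..."
        return Entry(cve, comp, None, m.group("lt"), False, m.group("summary"), cvss)
    ver = m.group("ver")
    r = RANGE_RE.match(ver)
    if r:                                  # "OpenClaw 2026.1.5-2026.2.12 - ..."
        return Entry(cve, comp, r.group("lo"), r.group("hi"), True, m.group("summary"), cvss)
    return Entry(cve, comp, ver, ver, True, m.group("summary"), cvss)   # single release


def affecting(installed: str, entries, components=None):
    """Entries covering `installed`, highest CVSS first. `components` restricts
    component-specific entries to the named extensions (None = keep all)."""
    hits = [e for e in entries if e.affects(installed)
            and (components is None or e.component is None or e.component in components)]
    return sorted(hits, key=lambda e: -e.cvss)


# Sample rows copied from the listing above: (CVE, title, CVSS).
LISTING = [parse_entry(*row) for row in [
    ("CVE-2026-29609", "OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-Backed Media Fetch", 7.5),
    ("CVE-2026-28486", "OpenClaw 2026.1.16-2 - Path Traversal", 6.1),
    ("CVE-2026-28485", "OpenClaw 2026.1.5-2026.2.12 - Auth Bypass", 8.4),
    ("CVE-2026-28482", "OpenClaw <2026.2.12 - Path Traversal", 7.1),
    ("CVE-2026-28481", "OpenClaw <2026.1.30 - Info Disclosure", 6.5),
    ("CVE-2026-28474", "OpenClaw Nextcloud Talk <2026.2.6 - Auth Bypass", 9.8),
    ("CVE-2026-28471", "OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching", 5.3),
    ("CVE-2026-28468", "OpenClaw 2026.1.29-beta.1-2026.2.14 - Unauthenticated Browser Control Endpoint Access via Sandbox Bridge Server", 7.7),
    ("CVE-2026-28465", "OpenClaw voice-call <2026.2.3 - Auth Bypass", 5.9),
]]

if __name__ == "__main__":
    for e in affecting("2026.2.12", LISTING):
        print(f"{e.cve}  CVSS {e.cvss}  {e.component or 'core'}: {e.summary}")
```

Pass `components=set()` to drop entries for extensions you do not run, or `components={"voice-call"}` to keep only those you do; entries without a component name are always kept. The pre-release rule matters for the one range with a "-beta.1" lower bound: a build of that beta is counted as affected, while the unsuffixed release one day earlier is not.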