openclaw
477 tracked vulnerabilities.
CVE-2026-28459
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28458
HIGH
OpenClaw <2026.2.1 - Info Disclosure
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28457
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28456
HIGH
OpenClaw 2026.1.5-2026.2.14 - Code Injection
Mar 05, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-28454
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Privileged Command Execution via Telegram Webhook Spoofing
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28453
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28452
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-28451
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Feishu Extension Media Fetching
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28450
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-28448
HIGH
OpenClaw 2026.1.29-2026.2.1 - Auth Bypass
Mar 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-28447
HIGH
OpenClaw 2026.1.29-beta.1-2026.2.1 - Path Traversal
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28446
CRITICAL
OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
Mar 05, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-28395
MEDIUM
OpenClaw 2026.1.14-1 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28394
MEDIUM
OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in Web Fetch Tool
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28393
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28392
HIGH
OpenClaw <2026.2.14 - Privilege Escalation
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28391
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28363
CRITICAL
OpenClaw <2026.2.23 - Command Injection
Feb 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27576
MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488
HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487
HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-27486
MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485
MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484
MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27009
MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
Feb 20, 2026
CVSS 5.8
EPSS 0.00