openclaw

477 tracked vulnerabilities.

CVE-2026-27008 MEDIUM
OpenClaw <2026.2.15 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00

CVE-2026-27007 LOW
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 3.3
EPSS 0.00

CVE-2026-27004 MEDIUM
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 5.5
EPSS 0.00

CVE-2026-27003 MEDIUM
OpenClaw <2026.2.15 - Info Disclosure
Feb 20, 2026
CVSS 5.5
EPSS 0.00

CVE-2026-27002 CRITICAL
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 9.8
EPSS 0.00

CVE-2026-27001 HIGH
OpenClaw <2026.2.15 - Command Injection
Feb 20, 2026
CVSS 7.8
EPSS 0.00

CVE-2026-26972 MEDIUM
OpenClaw 2026.1.12-2026.2.12 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00

CVE-2026-26329 MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Feb 20, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-26328 MEDIUM
OpenClaw <2026.2.14 - Privilege Escalation
Feb 20, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-26327 MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
Feb 19, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-26326 MEDIUM
OpenClaw <2026.2.14 - Info Disclosure
Feb 19, 2026
CVSS 4.3
EPSS 0.00

CVE-2026-26325 HIGH
OpenClaw <2026.2.14 - Command Injection
Feb 19, 2026
CVSS 7.2
EPSS 0.00

CVE-2026-26324 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-26323 HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 8.8
EPSS 0.00

CVE-2026-26322 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Gateway Tool URL Override
Feb 19, 2026
CVSS 7.6
EPSS 0.00

CVE-2026-26321 HIGH
OpenClaw <2026.2.14 - Path Traversal
Feb 19, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-26320 MEDIUM
OpenClaw macOS 2026.2.6-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-26319 HIGH
OpenClaw < 2026.2.14 - Unauthenticated Webhook Spoofing via Missing Telnyx Signature Verification
Feb 19, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-26317 HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via Unvalidated Origin/Referer
Feb 19, 2026
CVSS 7.1
EPSS 0.00

CVE-2026-26316 HIGH
OpenClaw < 2026.2.13 - Incorrect Authorization via BlueBubbles Webhook Loopback Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-25474 HIGH
OpenClaw < 2026.2.1 - Insufficient Verification of Telegram Webhook Secret Token
Feb 19, 2026
CVSS 7.5
EPSS 0.00

CVE-2026-24764 LOW
OpenClaw <=2026.2.2 - Command Injection
Feb 19, 2026
CVSS 3.7
EPSS 0.00

CVE-2026-25593 HIGH
OpenClaw < 2026.1.20 - Unauthenticated OS Command Injection via Gateway WebSocket API
Feb 06, 2026
CVSS 8.4
EPSS 0.00

CVE-2026-25475 MEDIUM
OpenClaw < 2026.1.30 - Unauthenticated Arbitrary File Read via MEDIA Path Traversal
Feb 04, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-25157 HIGH
OpenClaw < 2026.1.29 - OS Command Injection via Project Root Path in sshNodeCommand
Feb 04, 2026
CVSS 7.7
EPSS 0.00