openclaw
560 tracked vulnerabilities.
CVE-2026-28449
MEDIUM
OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27670
MEDIUM
OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27566
HIGH
OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-22176
MEDIUM
OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation
Mar 19, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-27545
MEDIUM
OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind
Mar 18, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27524
MEDIUM
OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27523
MEDIUM
OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
Mar 18, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27522
MEDIUM
OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22217
MEDIUM
OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback
Mar 18, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-22181
HIGH
OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch
Mar 18, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-22180
MEDIUM
OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations
Mar 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22179
HIGH
OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run
Mar 18, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-22178
MEDIUM
OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22177
MEDIUM
OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars
Mar 18, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-22175
HIGH
OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers
Mar 18, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-22174
MEDIUM
OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe
Mar 18, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-22171
HIGH
OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming
Mar 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-22170
MEDIUM
OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22169
MEDIUM
OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
Mar 18, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-22168
MEDIUM
OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32302
HIGH
OpenClaw < 2026.3.11 - Unauthenticated Privilege Escalation via WebSocket Origin Validation Bypass
Mar 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-4040
LOW
OpenClaw <2026.2.17 - Info Disclosure
Mar 12, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-4039
MEDIUM
OpenClaw 2026.2.19-2 - Code Injection
Mar 12, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-30741
CRITICAL
OpenClaw Agent Platform 2026.2.6 - RCE
Mar 11, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-32063
HIGH
OpenClaw <2026.2.21 - Command Injection
Mar 11, 2026
CVSS 7.1
EPSS 0.01
Products
Quick Filters