Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / openclaw

openclaw

477 tracked vulnerabilities.

CVE-2026-44115 HIGH

OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist

CVE-2026-44114 HIGH

OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv

CVE-2026-44113 HIGH

OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge

CVE-2026-44112 CRITICAL

OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes

CVE-2026-44111 MEDIUM

OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get

CVE-2026-44110 HIGH

OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

CVE-2026-44109 CRITICAL

OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation

CVE-2026-43585 HIGH

OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

CVE-2026-43584 HIGH

OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

CVE-2026-43583 MEDIUM

OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery

CVE-2026-43582 MEDIUM

OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

CVE-2026-43581 CRITICAL

OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding

CVE-2026-43580 HIGH

OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions

CVE-2026-43579 MEDIUM

OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

CVE-2026-43578 CRITICAL

OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade

CVE-2026-43577 MEDIUM

OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes

CVE-2026-43576 HIGH

OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

CVE-2026-43575 CRITICAL

OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

CVE-2026-43574 MEDIUM

OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists

CVE-2026-43573 HIGH

OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

CVE-2026-43572 MEDIUM

OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler

CVE-2026-43571 HIGH

OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

CVE-2026-43570 MEDIUM

OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling

CVE-2026-43569 HIGH

OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth

CVE-2026-43568 MEDIUM

OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint

Previous Page 2 of 20 Next

Products

openclaw 447 OpenClaw 383 crabbox 5 voice-call 2 bluebubbles 1 openclaw\/voice-call 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy