openclaw
560 tracked vulnerabilities.
CVE-2026-53857
HIGH
OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53856
MEDIUM
OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json
Jun 16, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-53855
HIGH
OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53854
MEDIUM
OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands
Jun 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-53853
HIGH
OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS
Jun 16, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-53852
MEDIUM
OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing
Jun 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-53851
MEDIUM
OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass
Jun 16, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-53850
MEDIUM
OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command
Jun 16, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-53849
HIGH
OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom
Jun 16, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-53848
MEDIUM
OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers
Jun 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-53847
MEDIUM
OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
Jun 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-53846
HIGH
OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53845
MEDIUM
OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping
Jun 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-53844
MEDIUM
OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search
Jun 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-53843
HIGH
OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session
Jun 16, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-53842
HIGH
OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53841
MEDIUM
OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML
Jun 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-53840
HIGH
OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects
Jun 16, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-53839
MEDIUM
OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation
Jun 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-53838
CRITICAL
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection
Jun 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-53837
LOW
OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers
Jun 12, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-53836
HIGH
OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases
Jun 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-53835
MEDIUM
OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings
Jun 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-53834
HIGH
OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands
Jun 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-53833
HIGH
OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command
Jun 12, 2026
CVSS 7.7
EPSS 0.00
Products
Quick Filters