openclaw
560 tracked vulnerabilities.
CVE-2026-32062
HIGH
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32061
MEDIUM
OpenClaw <2026.2.17 - Path Traversal
Mar 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32060
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 11, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32059
HIGH
OpenClaw <2026.2.23 - Command Injection
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29613
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Webhook Authentication Bypass via Loopback RemoteAddress Trust
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-29612
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29611
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29610
HIGH
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29609
HIGH
OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-Backed Media Fetch
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29606
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28486
MEDIUM
OpenClaw 2026.1.16-2 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28485
HIGH
OpenClaw 2026.1.5-2026.2.12 - Auth Bypass
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28482
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28481
MEDIUM
OpenClaw <2026.1.30 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28480
MEDIUM
OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28479
HIGH
OpenClaw <2026.2.15 - Cache Poisoning
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28478
HIGH
OpenClaw < 2026.2.13 - Unauthenticated Denial of Service via Webhook Request Body Buffering
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28477
HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28476
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Tlon Urbit Extension Authentication
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28475
MEDIUM
OpenClaw <2026.2.13 - Info Disclosure
Mar 05, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-28474
CRITICAL
OpenClaw Nextcloud Talk <2026.2.6 - Auth Bypass
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28473
HIGH
OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28472
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28471
MEDIUM
OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching
Mar 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28470
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
Products
Quick Filters