openclaw

560 tracked vulnerabilities.

CVE-2026-32062 HIGH
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32061 MEDIUM
OpenClaw <2026.2.17 - Path Traversal
Mar 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32060 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 11, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32059 HIGH
OpenClaw <2026.2.23 - Command Injection
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29613 MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Webhook Authentication Bypass via Loopback RemoteAddress Trust
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-29612 MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29611 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29610 HIGH
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29609 HIGH
OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-Backed Media Fetch
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29606 MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28486 MEDIUM
OpenClaw 2026.1.16-2 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28485 HIGH
OpenClaw 2026.1.5-2026.2.12 - Auth Bypass
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28482 HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28481 MEDIUM
OpenClaw <2026.1.30 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28480 MEDIUM
OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28479 HIGH
OpenClaw <2026.2.15 - Cache Poisoning
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28478 HIGH
OpenClaw < 2026.2.13 - Unauthenticated Denial of Service via Webhook Request Body Buffering
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28477 HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28476 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Tlon Urbit Extension Authentication
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28475 MEDIUM
OpenClaw <2026.2.13 - Info Disclosure
Mar 05, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-28474 CRITICAL
OpenClaw Nextcloud Talk <2026.2.6 - Auth Bypass
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28473 HIGH
OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28472 HIGH
OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28471 MEDIUM
OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching
Mar 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28470 CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00