openclaw
560 tracked vulnerabilities.
CVE-2026-28469
HIGH
OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28468
HIGH
OpenClaw 2026.1.29-beta.1-2026.2.14 - Unauthenticated Browser Control Endpoint Access via Sandbox Bridge Server
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28467
MEDIUM
OpenClaw < 2026.2.2 - Server-Side Request Forgery via Attachment and Media URL Hydration
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28466
CRITICAL
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-28465
MEDIUM
OpenClaw voice-call <2026.2.3 - Auth Bypass
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28464
MEDIUM
OpenClaw <2026.2.12 - Info Disclosure
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28463
HIGH
OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Exec-Approval Allowlist
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28462
HIGH
OpenClaw <2026.2.13 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28459
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28458
HIGH
OpenClaw <2026.2.1 - Info Disclosure
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28457
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28456
HIGH
OpenClaw 2026.1.5-2026.2.14 - Code Injection
Mar 05, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-28454
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Privileged Command Execution via Telegram Webhook Spoofing
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28453
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28452
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-28451
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Feishu Extension Media Fetching
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28450
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-28448
HIGH
OpenClaw 2026.1.29-2026.2.1 - Auth Bypass
Mar 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-28447
HIGH
OpenClaw 2026.1.29-beta.1-2026.2.1 - Path Traversal
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28446
CRITICAL
OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
Mar 05, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-28395
MEDIUM
OpenClaw 2026.1.14-1 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28394
MEDIUM
OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in Web Fetch Tool
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28393
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28392
HIGH
OpenClaw <2026.2.14 - Privilege Escalation
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28391
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
Products
Quick Filters