openclaw

560 tracked vulnerabilities.

CVE-2026-28469 HIGH
OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28468 HIGH
OpenClaw 2026.1.29-beta.1-2026.2.14 - Unauthenticated Browser Control Endpoint Access via Sandbox Bridge Server
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28467 MEDIUM
OpenClaw < 2026.2.2 - Server-Side Request Forgery via Attachment and Media URL Hydration
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28466 CRITICAL
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-28465 MEDIUM
OpenClaw voice-call <2026.2.3 - Auth Bypass
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28464 MEDIUM
OpenClaw <2026.2.12 - Info Disclosure
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28463 HIGH
OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Exec-Approval Allowlist
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28462 HIGH
OpenClaw <2026.2.13 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28459 HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28458 HIGH
OpenClaw <2026.2.1 - Info Disclosure
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28457 MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28456 HIGH
OpenClaw 2026.1.5-2026.2.14 - Code Injection
Mar 05, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-28454 HIGH
OpenClaw < 2026.2.2 - Unauthenticated Privileged Command Execution via Telegram Webhook Spoofing
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28453 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28452 MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-28451 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Feishu Extension Media Fetching
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28450 MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-28448 HIGH
OpenClaw 2026.1.29-2026.2.1 - Auth Bypass
Mar 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-28447 HIGH
OpenClaw 2026.1.29-beta.1-2026.2.1 - Path Traversal
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28446 CRITICAL
OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
Mar 05, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-28395 MEDIUM
OpenClaw 2026.1.14-1 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28394 MEDIUM
OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in Web Fetch Tool
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28393 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28392 HIGH
OpenClaw <2026.2.14 - Privilege Escalation
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00