openclaw
560 tracked vulnerabilities.
CVE-2026-28363
CRITICAL
OpenClaw <2026.2.23 - Command Injection
Feb 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27576
MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488
HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487
HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.01
CVE-2026-27486
MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485
MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484
MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27009
MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
Feb 20, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-27008
MEDIUM
OpenClaw <2026.2.15 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-27007
LOW
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-27004
MEDIUM
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27003
MEDIUM
OpenClaw <2026.2.15 - Info Disclosure
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27002
CRITICAL
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27001
HIGH
OpenClaw <2026.2.15 - Command Injection
Feb 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-26972
MEDIUM
OpenClaw 2026.1.12-2026.2.12 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-26329
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26328
MEDIUM
OpenClaw <2026.2.14 - Privilege Escalation
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26327
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
Feb 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26326
MEDIUM
OpenClaw <2026.2.14 - Info Disclosure
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26325
HIGH
OpenClaw <2026.2.14 - Command Injection
Feb 19, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26324
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26323
HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 8.8
EPSS 0.02
CVE-2026-26322
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Gateway Tool URL Override
Feb 19, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-26321
HIGH
OpenClaw <2026.2.14 - Path Traversal
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26320
MEDIUM
OpenClaw macOS 2026.2.6-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 6.5
EPSS 0.00
Products
Quick Filters