openclaw

560 tracked vulnerabilities.

CVE-2026-28363 CRITICAL
OpenClaw <2026.2.23 - Command Injection
Feb 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27576 MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488 HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487 HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.01
CVE-2026-27486 MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485 MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484 MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27009 MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
Feb 20, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-27008 MEDIUM
OpenClaw <2026.2.15 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-27007 LOW
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-27004 MEDIUM
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27003 MEDIUM
OpenClaw <2026.2.15 - Info Disclosure
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27002 CRITICAL
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27001 HIGH
OpenClaw <2026.2.15 - Command Injection
Feb 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-26972 MEDIUM
OpenClaw 2026.1.12-2026.2.12 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-26329 MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26328 MEDIUM
OpenClaw <2026.2.14 - Privilege Escalation
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26327 MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
Feb 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26326 MEDIUM
OpenClaw <2026.2.14 - Info Disclosure
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26325 HIGH
OpenClaw <2026.2.14 - Command Injection
Feb 19, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26324 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26323 HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 8.8
EPSS 0.02
CVE-2026-26322 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Gateway Tool URL Override
Feb 19, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-26321 HIGH
OpenClaw <2026.2.14 - Path Traversal
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26320 MEDIUM
OpenClaw macOS 2026.2.6-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 6.5
EPSS 0.00