openclaw
560 tracked vulnerabilities.
CVE-2026-26319
HIGH
OpenClaw < 2026.2.14 - Unauthenticated Webhook Spoofing via Missing Telnyx Signature Verification
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26317
HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via Unvalidated Origin/Referer
Feb 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-26316
HIGH
OpenClaw < 2026.2.13 - Incorrect Authorization via BlueBubbles Webhook Loopback Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25474
HIGH
OpenClaw < 2026.2.1 - Insufficient Verification of Telegram Webhook Secret Token
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24764
LOW
OpenClaw <=2026.2.2 - Command Injection
Feb 19, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25593
HIGH
OpenClaw < 2026.1.20 - Unauthenticated OS Command Injection via Gateway WebSocket API
Feb 06, 2026
CVSS 8.4
EPSS 0.01
CVE-2026-25475
MEDIUM
OpenClaw < 2026.1.30 - Unauthenticated Arbitrary File Read via MEDIA Path Traversal
Feb 04, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-25157
HIGH
OpenClaw < 2026.1.29 - OS Command Injection via Project Root Path in sshNodeCommand
Feb 04, 2026
CVSS 7.7
EPSS 0.01
CVE-2026-24763
HIGH
OpenClaw < 2026.1.29 - Authenticated OS Command Injection via PATH Environment Variable
Feb 02, 2026
CVSS 8.8
EPSS 0.05
CVE-2026-25253
HIGH
OpenClaw <2026.1.29 - Info Disclosure
Feb 01, 2026
CVSS 8.8
EPSS 0.08
Products
Quick Filters