openclaw

560 tracked vulnerabilities.

CVE-2026-44995 HIGH
OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables
May 11, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-44994 MEDIUM
OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44993 MEDIUM
OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions
May 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-44992 MEDIUM
OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv
May 11, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-44991 MEDIUM
OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders
May 11, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-44118 HIGH
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header
May 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-44117 MEDIUM
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload
May 06, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-44116 HIGH
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation
May 06, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-44115 HIGH
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist
May 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44114 HIGH
OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv
May 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-44113 HIGH
OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge
May 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-44112 CRITICAL
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes
May 06, 2026
CVSS 9.6
EPSS 0.02
CVE-2026-44111 MEDIUM
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get
May 06, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44110 HIGH
OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store
May 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44109 CRITICAL
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation
May 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-43585 HIGH
OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
May 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-43584 HIGH
OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy
May 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-43583 MEDIUM
OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43582 MEDIUM
OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass
May 06, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-43581 CRITICAL
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding
May 06, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-43580 HIGH
OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions
May 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-43579 MEDIUM
OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes
May 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-43578 CRITICAL
OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade
May 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-43577 MEDIUM
OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes
May 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-43576 HIGH
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL
May 06, 2026
CVSS 7.7
EPSS 0.00