Package impact

npm / openclaw
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44110 | high | 8.8 | 8.8 | 22d ago | OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries | npm |
| CVE-2026-43584 | high | 8.8 | 8.8 | 22d ago | OpenClaw: Exec environment denylist missed high-risk interpreter startup variables | npm |
| CVE-2026-43571 | high | 8.8 | 8.8 | 23d ago | OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows | npm |
| CVE-2026-43569 | high | 8.8 | 8.8 | 23d ago | OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins | npm |
| CVE-2026-43531 | high | 8.8 | 8.8 | 23d ago | OpenClaw: Workspace .env could inject OpenClaw runtime-control variables | npm |
| CVE-2026-43530 | high | 8.8 | 8.8 | 23d ago | OpenClaw: busybox and toybox applet execution weakened exec approval binding | npm |
| CVE-2026-42435 | high | 8.8 | 8.8 | 23d ago | OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms | npm |
| CVE-2026-42434 | high | 8.8 | 8.8 | 23d ago | OpenClaw: Sandboxed agents could escape exec routing via host=node override | npm |
| CVE-2026-42426 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval | npm |
| CVE-2026-42422 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | npm |
| CVE-2026-41404 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode | npm |
| CVE-2026-41378 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch | npm |
| CVE-2026-41359 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send | npm |
| CVE-2026-41352 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md | npm |
| CVE-2026-41344 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose` | npm |
| CVE-2026-44116 | high | 8.6 | 8.6 | 22d ago | OpenClaw validates Zalo outbound photo URLs through the SSRF guard | npm |
| CVE-2026-43533 | high | 8.6 | 8.6 | 23d ago | OpenClaw: QQBot media tags could read arbitrary local files through reply text | npm |
| CVE-2026-42439 | high | 8.5 | 8.5 | 23d ago | OpenClaw: Browser tabs action select and close routes bypassed SSRF policy | npm |
| CVE-2026-41914 | high | 8.5 | 8.5 | 1mo ago | OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths | npm |
| CVE-2026-41394 | high | 8.2 | 8.2 | 1mo ago | OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes | npm |
| CVE-2026-43535 | high | 8.1 | 8.1 | 23d ago | OpenClaw: Collect-mode queue batches could reuse the last sender authorization context | npm |
| CVE-2026-42431 | high | 8.1 | 8.1 | 1mo ago | OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard | npm |
| CVE-2026-41383 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped | npm |
| CVE-2026-41364 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host | npm |
| CVE-2026-41342 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials | npm |
| CVE-2026-45004 | high | 7.8 | 7.8 | 17d ago | OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution | npm |
| CVE-2026-44118 | high | 7.8 | 7.8 | 22d ago | OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens | npm |
| CVE-2026-44114 | high | 7.8 | 7.8 | 22d ago | OpenClaw: Workspace dotenv could override runtime-control environment variables | npm |
| CVE-2026-42432 | high | 7.8 | 7.8 | 1mo ago | OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement | npm |
| CVE-2026-41396 | high | 7.8 | 7.8 | 1mo ago | OpenClaw: Workspace `.env` can override the bundled plugin trust root | npm |
| CVE-2026-41387 | high | 7.8 | 7.8 | 1mo ago | OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides | npm |
| CVE-2026-41384 | high | 7.8 | 7.8 | 1mo ago | OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config | npm |
| CVE-2026-41336 | high | 7.8 | 7.8 | 1mo ago | OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code | npm |
| CVE-2026-44113 | high | 7.7 | 7.7 | 22d ago | OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes | npm |
| CVE-2026-43580 | high | 7.7 | 7.7 | 22d ago | OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage | npm |
| CVE-2026-43576 | high | 7.7 | 7.7 | 22d ago | OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets | npm |
| CVE-2026-43573 | high | 7.7 | 7.7 | 23d ago | OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement | npm |
| CVE-2026-43532 | high | 7.7 | 7.7 | 23d ago | OpenClaw: Discord event cover images bypassed sandbox media normalization | npm |
| CVE-2026-43527 | high | 7.7 | 7.7 | 23d ago | OpenClaw: Browser SSRF policy default allowed private-network navigation | npm |
| CVE-2026-42438 | high | 7.7 | 7.7 | 23d ago | OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure | npm |
| CVE-2026-42436 | high | 7.7 | 7.7 | 23d ago | OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation | npm |
| CVE-2026-41912 | high | 7.6 | 7.6 | 1mo ago | OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation | npm |
| CVE-2026-42437 | high | 7.5 | 7.5 | 23d ago | OpenClaw: Voice-call realtime WebSocket accepted oversized frames | npm |
| CVE-2026-42423 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts | npm |
| CVE-2026-41405 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion | npm |
| CVE-2026-41400 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062) | npm |
| CVE-2026-41399 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades | npm |
| CVE-2026-41395 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering | npm |
| CVE-2026-41346 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Pairing pending-request caps were enforced per channel instead of per account | npm |
| CVE-2026-44995 | high | 7.3 | 7.3 | 17d ago | OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config | npm |
| CVE-2026-41392 | high | 7.3 | 7.3 | 1mo ago | OpenClaw: Shell init-file options could satisfy exec allowlist script matching | npm |
| CVE-2026-41390 | high | 7.3 | 7.3 | 1mo ago | OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper | npm |
| CVE-2026-41380 | high | 7.3 | 7.3 | 1mo ago | OpenClaw gateway exec allow-always over-trusts positional carrier executables | npm |
| CVE-2026-41355 | high | 7.3 | 7.3 | 1mo ago | OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup | npm |
| CVE-2026-42429 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write` | npm |
| CVE-2026-42428 | high | 7.1 | 7.1 | 1mo ago | OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification | npm |
| CVE-2026-41379 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send | npm |
| CVE-2026-41347 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode | npm |
| CVE-2026-41913 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths | npm |
| CVE-2026-41333 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | npm |
| CVE-2026-43529 | low | 2.5 | 2.5 | 23d ago | OpenClaw: TOCTOU read in exec script preflight | npm |