| CVE | Severity | Score | Age | Title | Ecosystem |
|---|---|---|---|---|---|
| CVE-2026-44109 | critical | 9.8 | 21d ago | OpenClaw: Feishu webhook and card-action validation now fail closed | npm |
| CVE-2026-43585 | critical | 9.8 | 21d ago | OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation | npm |
| CVE-2026-43566 | critical | 9.8 | 22d ago | OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events | npm |
| CVE-2026-43534 | critical | 9.8 | 22d ago | OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input | npm |
| CVE-2026-41386 | critical | 9.8 | 29d ago | OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing | npm |
| CVE-2026-44112 | critical | 9.6 | 21d ago | OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root | npm |
| CVE-2026-41397 | critical | 9.6 | 29d ago | OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal | npm |
| CVE-2026-43526 | critical | 9.3 | 22d ago | OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes | npm |
| CVE-2026-28395 | critical | 9.1 | 3mo ago | OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback | npm |
| CVE-2026-43584 | high | 8.8 | 21d ago | OpenClaw: Exec environment denylist missed high-risk interpreter startup variables | npm |
| CVE-2026-43571 | high | 8.8 | 22d ago | OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows | npm |
| CVE-2026-43569 | high | 8.8 | 22d ago | OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins | npm |
| CVE-2026-43531 | high | 8.8 | 22d ago | OpenClaw: Workspace .env could inject OpenClaw runtime-control variables | npm |
| CVE-2026-43530 | high | 8.8 | 22d ago | OpenClaw: busybox and toybox applet execution weakened exec approval binding | npm |
| CVE-2026-42435 | high | 8.8 | 22d ago | OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms | npm |
| CVE-2026-42434 | high | 8.8 | 22d ago | OpenClaw: Sandboxed agents could escape exec routing via host=node override | npm |
| CVE-2026-42426 | high | 8.8 | 29d ago | OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval | npm |
| CVE-2026-42422 | high | 8.8 | 29d ago | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | npm |
| CVE-2026-41404 | high | 8.8 | 29d ago | OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode | npm |
| CVE-2026-41378 | high | 8.8 | 29d ago | OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch | npm |
| CVE-2026-41359 | high | 8.8 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send | npm |
| CVE-2026-41352 | high | 8.8 | 1mo ago | OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md | npm |
| CVE-2026-41344 | high | 8.8 | 1mo ago | OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose` | npm |
| CVE-2026-44116 | high | 8.6 | 21d ago | OpenClaw validates Zalo outbound photo URLs through the SSRF guard | npm |
| CVE-2026-43533 | high | 8.6 | 22d ago | OpenClaw: QQBot media tags could read arbitrary local files through reply text | npm |
| CVE-2026-42439 | high | 8.5 | 22d ago | OpenClaw: Browser tabs action select and close routes bypassed SSRF policy | npm |
| CVE-2026-41914 | high | 8.5 | 29d ago | OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths | npm |
| CVE-2026-41394 | high | 8.2 | 29d ago | OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes | npm |
| CVE-2026-43535 | high | 8.1 | 22d ago | OpenClaw: Collect-mode queue batches could reuse the last sender authorization context | npm |
| CVE-2026-42431 | high | 8.1 | 29d ago | OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard | npm |
| CVE-2026-41383 | high | 8.1 | 29d ago | OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped | npm |
| CVE-2026-41364 | high | 8.1 | 1mo ago | OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host | npm |
| CVE-2026-41342 | high | 8.1 | 1mo ago | OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials | npm |
| CVE-2026-6011 | high | 8.1 | 2mo ago | OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts | npm |
| CVE-2026-32067 | high | 8.1 | 2mo ago | OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access | npm |
| CVE-2026-45004 | high | 7.8 | 16d ago | OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution | npm |
| CVE-2026-44118 | high | 7.8 | 21d ago | OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens | npm |
| CVE-2026-44114 | high | 7.8 | 21d ago | OpenClaw: Workspace dotenv could override runtime-control environment variables | npm |
| CVE-2026-42432 | high | 7.8 | 29d ago | OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement | npm |
| CVE-2026-41396 | high | 7.8 | 29d ago | OpenClaw: Workspace `.env` can override the bundled plugin trust root | npm |
| CVE-2026-41387 | high | 7.8 | 29d ago | OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides | npm |
| CVE-2026-41384 | high | 7.8 | 29d ago | OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config | npm |
| CVE-2026-41336 | high | 7.8 | 1mo ago | OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code | npm |
| CVE-2026-44113 | high | 7.7 | 21d ago | OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes | npm |
| CVE-2026-43580 | high | 7.7 | 21d ago | OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage | npm |
| CVE-2026-43576 | high | 7.7 | 21d ago | OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets | npm |
| CVE-2026-43573 | high | 7.7 | 22d ago | OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement | npm |
| CVE-2026-43532 | high | 7.7 | 22d ago | OpenClaw: Discord event cover images bypassed sandbox media normalization | npm |
| CVE-2026-43527 | high | 7.7 | 22d ago | OpenClaw: Browser SSRF policy default allowed private-network navigation | npm |
| CVE-2026-42438 | high | 7.7 | 22d ago | OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure | npm |
| CVE-2026-42436 | high | 7.7 | 22d ago | OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation | npm |
| CVE-2026-41912 | high | 7.6 | 29d ago | OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation | npm |
| CVE-2026-42437 | high | 7.5 | 22d ago | OpenClaw: Voice-call realtime WebSocket accepted oversized frames | npm |
| CVE-2026-42423 | high | 7.5 | 29d ago | OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts | npm |
| CVE-2026-41405 | high | 7.5 | 29d ago | OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion | npm |
| CVE-2026-41400 | high | 7.5 | 29d ago | OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062) | npm |
| CVE-2026-41399 | high | 7.5 | 29d ago | OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades | npm |
| CVE-2026-41395 | high | 7.5 | 29d ago | OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering | npm |
| CVE-2026-41346 | high | 7.5 | 1mo ago | OpenClaw: Pairing pending-request caps were enforced per channel instead of per account | npm |
| CVE-2026-32846 | high | 7.5 | 2mo ago | OpenClaw is vulnerable to Path Traversal through path validation bypass | npm |
| CVE-2026-32062 | high | 7.5 | 3mo ago | OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure | npm |
| CVE-2026-44995 | high | 7.3 | 16d ago | OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config | npm |
| CVE-2026-41392 | high | 7.3 | 29d ago | OpenClaw: Shell init-file options could satisfy exec allowlist script matching | npm |
| CVE-2026-41390 | high | 7.3 | 29d ago | OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper | npm |
| CVE-2026-41380 | high | 7.3 | 29d ago | OpenClaw gateway exec allow-always over-trusts positional carrier executables | npm |
| CVE-2026-41355 | high | 7.3 | 1mo ago | OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup | npm |
| CVE-2026-42429 | high | 7.1 | 29d ago | OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write` | npm |
| CVE-2026-42428 | high | 7.1 | 29d ago | OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification | npm |
| CVE-2026-41379 | high | 7.1 | 29d ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send | npm |
| CVE-2026-41347 | high | 7.1 | 1mo ago | OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode | npm |
| CVE-2026-43583 | medium | 6.5 | 21d ago | OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay | npm |
| CVE-2026-43574 | medium | 6.5 | 22d ago | OpenClaw: Empty approver lists could grant explicit approval authorization | npm |
| CVE-2026-43570 | medium | 6.5 | 22d ago | OpenClaw contains a symlink traversal vulnerability | npm |
| CVE-2026-43568 | medium | 6.5 | 22d ago | OpenClaw: Memory dreaming config persistence was reachable from operator.write commands | npm |
| CVE-2026-43567 | medium | 6.5 | 22d ago | OpenClaw: screen_record outPath bypassed workspace-only filesystem guard | npm |
| CVE-2026-43528 | medium | 6.5 | 22d ago | OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases | npm |
| CVE-2026-42433 | medium | 6.5 | 22d ago | OpenClaw: Matrix profile config persistence was reachable from operator.write message tools | npm |
| CVE-2026-42430 | medium | 6.5 | 29d ago | OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable | npm |
| CVE-2026-42420 | medium | 6.5 | 29d ago | OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks | npm |
| CVE-2026-41911 | medium | 6.5 | 29d ago | OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix) | npm |
| CVE-2026-41408 | medium | 6.5 | 29d ago | OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk | npm |
| CVE-2026-41388 | medium | 6.5 | 29d ago | OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config | npm |
| CVE-2026-41385 | medium | 6.5 | 29d ago | OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get | npm |
| CVE-2026-41376 | medium | 6.5 | 29d ago | OpenClaw: Matrix thread root and reply context bypass sender allowlist | npm |
| CVE-2026-41375 | medium | 6.5 | 29d ago | OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels | npm |
| CVE-2026-41369 | medium | 6.5 | 1mo ago | OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables | npm |
| CVE-2026-41363 | medium | 6.5 | 1mo ago | OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image | npm |
| CVE-2026-41908 | medium | 6.5 | 1mo ago | OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization | npm |
| CVE-2026-32896 | medium | 6.5 | 2mo ago | OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) | npm |
| CVE-2026-32022 | medium | 6.5 | 2mo ago | OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass) | npm |
| CVE-2026-43582 | medium | 6.3 | 21d ago | OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding | npm |
| CVE-2026-41915 | medium | 6.1 | 29d ago | OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant) | npm |
| CVE-2026-41391 | medium | 6.1 | 29d ago | OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic | npm |
| CVE-2026-41373 | medium | 6.1 | 29d ago | OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides | npm |
| CVE-2026-35667 | medium | 6.1 | 2mo ago | OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts` | npm |
| CVE-2026-22217 | medium | 6.1 | 2mo ago | OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL | npm |
| CVE-2026-45005 | medium | 6.0 | 16d ago | OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload | npm |
| CVE-2026-44117 | medium | 5.8 | 21d ago | OpenClaw: QQBot direct media upload skipped URL SSRF validation | npm |
| CVE-2026-41372 | medium | 5.8 | 1mo ago | OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections | npm |
| CVE-2026-41389 | medium | 5.8 | 1mo ago | OpenClaw: Webchat media embedding enforces local-root containment for tool-result files | npm |