VIR Vulnerability Intelligence Relay

Package impact

npm npm / openclaw

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-28470 unknown 3mo ago OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes npm
CVE-2026-28458 unknown 3mo ago OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access npm
CVE-2026-28391 unknown 3mo ago OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating npm
CVE-2026-28459 unknown 3mo ago OpenClaw has an arbitrary transcript path file write via gateway sessionFile npm
CVE-2026-28472 unknown 3mo ago OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated npm
CVE-2026-25593 unknown 4mo ago OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply npm
CVE-2026-25475 unknown 4mo ago OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction npm