Package impact
npm / openclaw
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41913 | low | 3.7 | 3.7 | 29d ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths | |
| CVE-2026-41333 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | |
| CVE-2026-43529 | low | 2.5 | 2.5 | 23d ago | OpenClaw: TOCTOU read in exec script preflight |