Vulnerabilities
CVE-2026-35630
OpenClaw: QQBot native approval buttons did not enforce configured approver identity
GHSA-hx4v-668p-g2qr
Duplicate Advisory: OpenClaw: QQBot native approval buttons did not enforce configured approver identity
GHSA-77q5-rr5v-x43q
OpenClaw: Trusted retry endpoint checks could match hostname prefixes
GHSA-w5ww-7chg-mxcq
OpenClaw: Telegram interactive callbacks could skip commands.allowFrom
GHSA-p73f-w79w-jqr5
OpenClaw: Native command authorization could skip owner-command enforcement
GHSA-j472-gf56-x589
OpenClaw: PowerShell encoded-command aliases could miss exec allowlist checks
CVE-2026-53818
OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers
CVE-2026-53813
OpenClaw: Fake package roots could influence memory-core artifact loading
GHSA-6c4r-g249-wv3c
OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts
CVE-2026-53809
OpenClaw: Embedded runner policy could be confused by provider aliases
CVE-2026-53811
OpenClaw: Matrix allowFrom could bind to mutable display names
GHSA-3wqp-prf6-2m72
OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement
CVE-2026-53816
OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance
CVE-2026-53806
OpenClaw: Combined POSIX shell options could confuse exec revalidation
GHSA-4m3v-q747-pc6h
OpenClaw: Mattermost slash token revocation could lag until monitor refresh
GHSA-275c-xpvc-jgfw
OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload
GHSA-xr4f-mjxj-w6w5
OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes
GHSA-w4v6-g3wm-w36c
OpenClaw: QQBot admin commands could skip DM-only and allowFrom policy
CVE-2026-53819
OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows
GHSA-c29c-2q9c-pc86
OpenClaw: Slack allowFrom could bind to mutable display names
GHSA-hcm3-8f6r-6xwg
OpenClaw: Browser debug/export routes could reuse already-open blocked tabs
GHSA-gp79-m99v-gjmh
OpenClaw: Mattermost handlers could fall open when channel type was missing
GHSA-grc3-2j34-p6gm
OpenClaw: message.action forwarding could send Gateway credentials to model-supplied loopback URLs
GHSA-qjpc-qf9m-xwmr
OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing
GHSA-77pv-3w4q-vrj5
OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks
GHSA-jvm4-4j77-39p6
OpenClaw: QQBot streaming command could mutate config without explicit allowFrom
GHSA-cqwv-9qjx-vxw2
OpenClaw: Skill Workshop apply flow could override pending approval
GHSA-wv26-j37q-2g7p
OpenClaw's Slack plugin approvals used the exec approver gate for plugin actions
GHSA-p2fh-f5fc-44hr
OpenClaw: memory-wiki ingest could read local files with operator.write scope
GHSA-83w9-h5wv-j9xm
OpenClaw: Node pairing reconnection could confuse approval scope state
GHSA-rggc-m335-3wvj
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers
GHSA-hw9r-h9mr-4jff
OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates
CVE-2026-53810
OpenClaw's marketplace runtime extension metadata could point at unscanned payloads
GHSA-mhq8-78pj-5j79
OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion
GHSA-2j8v-hwgc-x698
OpenClaw: Shell wrapper argv could change between approval and execution
CVE-2026-53814
OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority
CVE-2026-53812
OpenClaw's browser act interactions could bypass private-network navigation checks
CVE-2026-53817
OpenClaw: Control UI locality spoofing could mint a durable admin device token
GHSA-qh2f-99mv-mrcf
OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn
GHSA-xww8-gqvh-92x9
OpenClaw: Exec approval display truncation could hide the command being approved
CVE-2026-53815
OpenClaw: Message read actions could skip channel allowlist checks
GHSA-9c3v-684m-579c
OpenClaw MCP SSE redirects could forward Authorization headers
CVE-2026-53854
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
CVE-2026-53844
OpenClaw: memory-wiki shared search could miss session visibility checks
GHSA-4qgr-57jq-93vh
Duplicate Advisory: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
GHSA-3v3j-737j-7g74
Duplicate Advisory: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53852
OpenClaw: Empty-scope device re-pairing could confuse caller scope containment
GHSA-2w22-3f6x-3hf4
Duplicate Advisory: Workspace-derived service PATH could influence trash command selection
CVE-2026-53860
OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
GHSA-8hj2-w4c9-fjfq
Duplicate Advisory: BlueBubbles sender policy could match mutable conversation identifiers
CVE-2026-53858
OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
CVE-2026-53846
OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install
GHSA-6jm4-83g2-35gv
Duplicate Advisory: memory-wiki shared search could miss session visibility checks
CVE-2026-53850
OpenClaw: Focus command could miss controlScope enforcement
CVE-2026-53865
OpenClaw: Workspace-derived service PATH could influence trash command selection
GHSA-r2fx-hp6p-pgrm
Duplicate Advisory: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
GHSA-gw2c-6hcg-5g52
Duplicate Advisory: Focus command could miss controlScope enforcement
GHSA-qp5j-jr73-m2pw
Duplicate Advisory: Workspace .env npm_execpath could influence bundled runtime dependency install
CVE-2026-53856
OpenClaw: Config recovery could restore openclaw.json with broad file permissions
GHSA-hc4w-hm59-9w88
Duplicate Advisory: Empty-scope device re-pairing could confuse caller scope containment
CVE-2026-53853
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53849
OpenClaw: Discord allowFrom could bind to mutable display names
GHSA-p44v-rx83-vjp4
Duplicate Advisory: Discord allowFrom could bind to mutable display names
CVE-2026-53841
OpenClaw: Exported session HTML could keep unsafe markdown links
CVE-2026-53847
OpenClaw: Active Memory write scope could mutate global config
GHSA-w7m7-3xcf-mp48
Duplicate Advisory: Zalo allowFrom could bind to mutable display names
GHSA-r7vv-6763-m739
Duplicate Advisory: Skill-command dispatch could skip before-tool-call hooks
GHSA-6xcg-6q43-rj2v
Duplicate Advisory: Exported session HTML could keep unsafe markdown links
GHSA-vqj9-vhg4-27mg
Duplicate Advisory: Config recovery could restore openclaw.json with broad file permissions
CVE-2026-53845
OpenClaw: Skill-command dispatch could skip before-tool-call hooks
GHSA-58wc-8wrv-xp9j
Duplicate Advisory: Active Memory write scope could mutate global config
CVE-2026-53857
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53855
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
GHSA-27pq-2ph8-8x25
Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks
GHSA-c8w7-9w9h-x69q
Duplicate Advisory: Slack reaction events could ignore reaction notification settings
CVE-2026-53851
OpenClaw: Slack reaction events could ignore reaction notification settings
CVE-2026-53848
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
GHSA-h9h6-pwqv-j9hv
Duplicate Advisory: Bootstrap token replay could widen pending pairing scopes
GHSA-vqx6-6j84-2794
Duplicate Advisory: Hostname checks could treat trailing-dot hosts inconsistently
CVE-2026-53859
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
CVE-2026-53862
OpenClaw: Bootstrap token replay could widen pending pairing scopes
GHSA-wrr6-p5r6-474m
Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers
CVE-2026-53861
OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
GHSA-g796-jqmx-wf9q
Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags
GHSA-wrmq-9fc4-gwwj
Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority
GHSA-vr6h-vxqj-3pjx
Duplicate Advisory: Host environment sanitizer missed two Node.js control variables
GHSA-v383-2wgg-v483
Duplicate Advisory: Shell inline-command parsing could miss an allowlist check
CVE-2026-53843
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53842
OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
CVE-2026-53866
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53864
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53863
OpenClaw: Tool group policy callers could accept unvalidated group IDs
GHSA-8wmm-344f-mpjg
Duplicate Advisory: Tool group policy callers could accept unvalidated group IDs
CVE-2026-53840
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
CVE-2026-32062
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
CVE-2026-32022
OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
CVE-2026-22217
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
CVE-2026-42429
OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`
CVE-2026-42432
OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
CVE-2026-42437
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
Ready to move
Start Securing
Free, no credit card | First findings in minutes