100 Total advisories
100 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 7.5
CVE-2026-32062
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
MEDIUM 6.5
CVE-2026-32022
OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
MEDIUM 6.1
CVE-2026-22217
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
HIGH 7.1
CVE-2026-42429
OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`
HIGH 7.8
CVE-2026-42432
OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
HIGH 7.5
CVE-2026-42437
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
HIGH 7.5
CVE-2026-32846
OpenClaw is vulnerable to Path Traversal through path validation bypass
UNKNOWN
CVE-2026-45003
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
UNKNOWN
CVE-2026-44992
OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
UNKNOWN
CVE-2026-44991
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
UNKNOWN
CVE-2026-44995
OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
UNKNOWN
CVE-2026-44999
OpenClaw: Isolated cron awareness events were recorded as trusted system events
UNKNOWN
CVE-2026-45002
OpenClaw: Hook mapping templates could bypass hook session-key opt-in
HIGH 7.8
CVE-2026-45004
OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution
MEDIUM 6.0
CVE-2026-45005
OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
UNKNOWN
CVE-2026-44997
OpenClaw's ACP child sessions inherit subagent security envelope constraints
HIGH 7.8
GHSA-xpr6-2hgm-4wwp
Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution
MEDIUM 4.3
GHSA-w626-296m-8f85
Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints
MEDIUM 6.0
GHSA-v8j2-5f9p-fmh4
Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
MEDIUM 5.0
GHSA-4mhr-cxr4-2prm
Duplicate Advisory: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
MEDIUM 4.2
GHSA-p3pv-c954-9m6f
Duplicate Advisory: OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
HIGH 7.3
GHSA-p3m6-jr2h-hhxj
Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
MEDIUM 5.3
GHSA-m5j2-r859-r5cv
Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events
MEDIUM 5.3
GHSA-9j32-3m66-mc4m
Duplicate Advisory: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
MEDIUM 5.0
GHSA-5jgm-f9wr-9qm7
Duplicate Advisory: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
UNKNOWN
GHSA-x3h8-jrgh-p8jx
OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs
MEDIUM 5.3
GHSA-82rm-qcfx-2v78
Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay
HIGH 7.7
CVE-2026-43576
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
MEDIUM 5.3
CVE-2026-44112
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
HIGH 7.7
CVE-2026-43580
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
MEDIUM 5.3
CVE-2026-44113
OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
HIGH 7.8
CVE-2026-44114
OpenClaw: Workspace dotenv could override runtime-control environment variables
HIGH 8.8
CVE-2026-43584
OpenClaw: Exec environment denylist missed high-risk interpreter startup variables
UNKNOWN
CVE-2026-43583
OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay
HIGH 7.8
CVE-2026-44118
OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
MEDIUM 5.8
CVE-2026-44117
OpenClaw: QQBot direct media upload skipped URL SSRF validation
HIGH 8.1
CVE-2026-43585
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
HIGH 8.6
CVE-2026-44116
OpenClaw validates Zalo outbound photo URLs through the SSRF guard
CRITICAL 9.8
CVE-2026-44109
OpenClaw: Feishu webhook and card-action validation now fail closed
MEDIUM 6.3
CVE-2026-43582
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
MEDIUM 5.3
GHSA-6f72-9gxx-98mj
Duplicate Advisory: OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
HIGH 7.7
GHSA-wwwc-f646-vj2j
Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
HIGH 8.6
GHSA-qvmw-h675-h7qg
Duplicate Advisory: OpenClaw validates Zalo outbound photo URLs through the SSRF guard
HIGH 7.8
GHSA-35vf-vw9f-q3cr
Duplicate Advisory: OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
HIGH 8.8
GHSA-xrgf-r9gr-jjjf
Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables
MEDIUM 6.3
GHSA-w7rc-vvgx-pj45
Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
MEDIUM 5.8
GHSA-r747-33r4-rmjw
Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
HIGH 8.1
GHSA-m8wm-r5vq-qjpg
Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
CRITICAL 9.8
GHSA-cjg8-85gj-v9q2
Duplicate Advisory: OpenClaw: Feishu webhook and card-action validation now fail closed
MEDIUM 5.3
GHSA-frr5-j3mh-h9ch
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
HIGH 7.8
GHSA-9r9j-3r2w-fg3v
Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables
HIGH 7.7
GHSA-3r56-7hhr-vfg9
Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
HIGH 8.8
CVE-2026-43531
OpenClaw: Workspace .env could inject OpenClaw runtime-control variables
HIGH 7.7
CVE-2026-43573
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
MEDIUM 6.5
CVE-2026-43570
OpenClaw contains a symlink traversal vulnerability
HIGH 8.5
CVE-2026-42439
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
MEDIUM 5.4
CVE-2026-41344
OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
HIGH 7.3
CVE-2026-41342
OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
HIGH 7.1
CVE-2026-41359
OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
MEDIUM 5.3
CVE-2026-41363
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
UNKNOWN
CVE-2026-41365
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
CRITICAL 9.1
CVE-2026-43534
OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
MEDIUM 6.5
CVE-2026-43574
OpenClaw: Empty approver lists could grant explicit approval authorization
MEDIUM 6.5
CVE-2026-42433
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
HIGH 8.2
CVE-2026-43526
OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes
MEDIUM 6.8
CVE-2026-43535
OpenClaw: Collect-mode queue batches could reuse the last sender authorization context
HIGH 8.8
CVE-2026-43530
OpenClaw: busybox and toybox applet execution weakened exec approval binding
HIGH 7.7
CVE-2026-42436
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
HIGH 8.8
CVE-2026-43569
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
HIGH 8.8
CVE-2026-43571
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
HIGH 7.7
CVE-2026-43527
OpenClaw: Browser SSRF policy default allowed private-network navigation
HIGH 8.8
CVE-2026-42434
OpenClaw: Sandboxed agents could escape exec routing via host=node override
CRITICAL 9.1
CVE-2026-43566
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
HIGH 7.7
CVE-2026-43532
OpenClaw: Discord event cover images bypassed sandbox media normalization
MEDIUM 5.8
CVE-2026-41389
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
UNKNOWN
CVE-2026-41354
OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders
LOW 3.7
GHSA-6477-wvjj-47v6
Duplicate Advisory: OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders
LOW 3.7
CVE-2026-41333
OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
HIGH 8.8
CVE-2026-41352
OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md
MEDIUM 5.4
CVE-2026-41348
OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
MEDIUM 5.3
CVE-2026-41346
OpenClaw: Pairing pending-request caps were enforced per channel instead of per account
MEDIUM 5.3
CVE-2026-41337
OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection
HIGH 7.1
CVE-2026-41347
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
MEDIUM 5.4
CVE-2026-41356
OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation
MEDIUM 4.9
CVE-2026-41332
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
MEDIUM 5.3
CVE-2026-41343
OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification
UNKNOWN
CVE-2026-41335
OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
MEDIUM 5.3
CVE-2026-41351
OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
HIGH 7.3
CVE-2026-41355
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
MEDIUM 5.4
CVE-2026-41341
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
HIGH 7.8
CVE-2026-41336
OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code
MEDIUM 4.3
CVE-2026-41339
OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
HIGH 7.3
GHSA-gv2f-q4wp-fvh5
Duplicate Advisory: OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
MEDIUM 5.4
GHSA-v3c2-39fm-jq4h
Duplicate Advisory: OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
CRITICAL 9.8
CVE-2026-41386
OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing
HIGH 7.1
GHSA-394x-274p-mqc6
Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
MEDIUM 6.5
CVE-2026-41376
OpenClaw: Matrix thread root and reply context bypass sender allowlist
MEDIUM 5.3
GHSA-qp56-gp47-jwj3
Duplicate Advisory: OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
CRITICAL 9.6
CVE-2026-41397
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
HIGH 7.3
CVE-2026-41392
OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Ready to move
Start Securing
Free, no credit card | First findings in minutes