Vulnerability List - Page 14

Found 480 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32977 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path | OpenClaw | OpenClaw | Medium | 6.3 | 2026-03-31 11:17:19 | Deep Dive |
| CVE-2026-32982 | OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs | OpenClaw | OpenClaw | High | 7.5 | 2026-03-31 11:17:19 | Deep Dive |
| CVE-2026-32976 | OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-31 11:17:18 | Deep Dive |
| CVE-2026-32970 | OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs | OpenClaw | OpenClaw | Low | 2.5 | 2026-03-31 11:17:17 | Deep Dive |
| CVE-2026-32971 | OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands | OpenClaw | OpenClaw | High | 7.1 | 2026-03-31 11:17:17 | Deep Dive |
| CVE-2026-32921 | OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run | OpenClaw | OpenClaw | Medium | 6.3 | 2026-03-31 11:17:16 | Deep Dive |
| CVE-2026-32920 | OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins | OpenClaw | OpenClaw | High | 8.4 | 2026-03-31 11:17:15 | Deep Dive |
| CVE-2026-32917 | OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP | OpenClaw | OpenClaw | Critical | 9.8 | 2026-03-31 11:17:14 | Deep Dive |
| CVE-2026-32916 | OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes | OpenClaw | OpenClaw | Critical | 9.4 | 2026-03-31 11:17:13 | Deep Dive |
| CVE-2026-33574 | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download | OpenClaw | OpenClaw | Medium | 6.2 | 2026-03-29 12:44:32 | Deep Dive |
| CVE-2026-33575 | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes | OpenClaw | OpenClaw | High | 7.5 | 2026-03-29 12:44:32 | Deep Dive |
| CVE-2026-33573 | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters | OpenClaw | OpenClaw | High | 8.8 | 2026-03-29 12:44:31 | Deep Dive |
| CVE-2026-32987 | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing | OpenClaw | OpenClaw | Critical | 9.8 | 2026-03-29 12:44:30 | Deep Dive |
| CVE-2026-33572 | OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files | OpenClaw | OpenClaw | High | 8.4 | 2026-03-29 12:44:30 | Deep Dive |
| CVE-2026-32980 | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request | OpenClaw | OpenClaw | High | 7.5 | 2026-03-29 12:44:29 | Deep Dive |
| CVE-2026-32978 | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners | OpenClaw | OpenClaw | High | 8.0 | 2026-03-29 12:44:28 | Deep Dive |
| CVE-2026-32979 | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval | OpenClaw | OpenClaw | High | 7.3 | 2026-03-29 12:44:28 | Deep Dive |
| CVE-2026-32975 | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist | OpenClaw | OpenClaw | Critical | 9.8 | 2026-03-29 12:44:27 | Deep Dive |
| CVE-2026-32973 | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization | OpenClaw | OpenClaw | Critical | 9.8 | 2026-03-29 12:44:26 | Deep Dive |
| CVE-2026-32974 | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token | OpenClaw | OpenClaw | High | 8.6 | 2026-03-29 12:44:26 | Deep Dive |