| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27523 | OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths | OpenClaw | OpenClaw | Medium | 6.1 | 2026-03-18 01:34:27 | Deep Dive |
| CVE-2026-22217 | OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback | OpenClaw | OpenClaw | Medium | 6.1 | 2026-03-18 01:34:26 | Deep Dive |
| CVE-2026-27522 | OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-18 01:34:26 | Deep Dive |
| CVE-2026-22181 | OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch | OpenClaw | OpenClaw | High | 7.6 | 2026-03-18 01:34:25 | Deep Dive |
| CVE-2026-22180 | OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations | OpenClaw | OpenClaw | Medium | 5.3 | 2026-03-18 01:34:24 | Deep Dive |
| CVE-2026-22179 | OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run | OpenClaw | OpenClaw | High | 7.2 | 2026-03-18 01:34:23 | Deep Dive |
| CVE-2026-22177 | OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars | OpenClaw | OpenClaw | Medium | 6.1 | 2026-03-18 01:34:22 | Deep Dive |
| CVE-2026-22178 | OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-18 01:34:22 | Deep Dive |
| CVE-2026-22175 | OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers | OpenClaw | OpenClaw | High | 7.1 | 2026-03-18 01:34:21 | Deep Dive |
| CVE-2026-22174 | OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe | OpenClaw | OpenClaw | Medium | 6.8 | 2026-03-18 01:34:20 | Deep Dive |
| CVE-2026-22171 | OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming | OpenClaw | OpenClaw | High | 8.2 | 2026-03-18 01:34:19 | Deep Dive |
| CVE-2026-22169 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins | OpenClaw | OpenClaw | Medium | 6.7 | 2026-03-18 01:34:18 | Deep Dive |
| CVE-2026-22170 | OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-18 01:34:18 | Deep Dive |
| CVE-2026-22168 | OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run | OpenClaw | OpenClaw | Medium | 6.5 | 2026-03-18 01:34:17 | Deep Dive |
| CVE-2026-32302 | OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode | openclaw | openclaw | High | 8.1 | 2026-03-12 21:22:29 | Deep Dive |
| CVE-2026-4040 | OpenClaw File Existence tools.exec.safeBins information exposure | - | OpenClaw | Low | 3.3 | 2026-03-12 12:02:14 | Deep Dive |
| CVE-2026-4039 | OpenClaw Skill Env applySkillConfigenvOverrides code injection | - | OpenClaw | Medium | 6.3 | 2026-03-12 12:02:10 | Deep Dive |
| CVE-2026-32063 | OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation | openclaw | openclaw | High | 7.1 | 2026-03-11 13:32:37 | Deep Dive |
| CVE-2026-32062 | OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream | openclaw | openclaw | High | 7.5 | 2026-03-11 13:32:36 | Deep Dive |
| CVE-2026-32061 | OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal | openclaw | openclaw | Medium | 4.4 | 2026-03-11 13:32:35 | Deep Dive |