Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

OpenClaw — Vulnerabilities & Security Advisories 339

All 339 CVE vulnerabilities found in OpenClaw, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenClaw

CVE IDTitleCVSSSeverityPaused
CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation CWE-367 7.5 High2026-03-31
CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs CWE-532 7.5 High2026-03-31
CVE-2026-32977 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path CWE-367 6.3 Medium2026-03-31
CVE-2026-32976 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands CWE-639 6.5 Medium2026-03-31
CVE-2026-32970 OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs CWE-636 2.5 Low2026-03-31
CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands CWE-451 7.1 High2026-03-31
CVE-2026-32921 OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run CWE-367 6.3 Medium2026-03-31
CVE-2026-32920 OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins CWE-829 8.4 High2026-03-31
CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP CWE-78 9.8 Critical2026-03-31
CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes CWE-266 9.4 Critical2026-03-31
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes CWE-522 7.5 High2026-03-29
CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download CWE-367 6.2 Medium2026-03-29
CVE-2026-33573 OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters CWE-668 8.8 High2026-03-29
CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files CWE-378 8.4 High2026-03-29
CVE-2026-32987 OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing CWE-294 9.8 Critical2026-03-29
CVE-2026-32980 OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request CWE-770 7.5 High2026-03-29
CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval CWE-367 7.3 High2026-03-29
CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners CWE-863 8.0 High2026-03-29
CVE-2026-32975 OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist CWE-807 9.8 Critical2026-03-29
CVE-2026-32974 OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token CWE-347 8.6 High2026-03-29
CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization CWE-625 9.8 Critical2026-03-29
CVE-2026-32972 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request CWE-863 7.1 High2026-03-29
CVE-2026-32924 OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu CWE-863 9.8 Critical2026-03-29
CVE-2026-32923 OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement CWE-863 5.4 Medium2026-03-29
CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate CWE-266 9.9 Critical2026-03-29
CVE-2026-32919 OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands CWE-863 6.1 Medium2026-03-29
CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface CWE-863 8.8 High2026-03-29
CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool CWE-863 8.4 High2026-03-29
CVE-2026-32914 OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints CWE-863 8.8 High2026-03-29
CVE-2026-32846 OpenClaw Media Parsing Path Traversal to Arbitrary File Read CWE-22 8.6 -2026-03-26

All 339 known CVE vulnerabilities affecting OpenClaw with full Chinese analysis, references, and POCs where available.