
openclaw — Vulnerabilities & Security Advisories (350)

All 350 CVE vulnerabilities found in openclaw, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenClaw

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-32050 | OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass | CWE-863 | 3.7 | Low | 2026-03-21
CVE-2026-32049 | OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass | CWE-770 | 7.5 | High | 2026-03-21
CVE-2026-32048 | OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn | CWE-732 | 7.5 | High | 2026-03-21
CVE-2026-32046 | OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag | CWE-1188 | 5.3 | Medium | 2026-03-21
CVE-2026-32045 | OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth | CWE-290 | 5.9 | Medium | 2026-03-21
CVE-2026-32044 | OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation | CWE-409 | 5.5 | Medium | 2026-03-21
CVE-2026-32043 | OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter | CWE-367 | 6.5 | Medium | 2026-03-21
CVE-2026-32042 | OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication | CWE-863 | 8.8 | High | 2026-03-21
CVE-2026-22172 | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections | CWE-862 | 9.9 | Critical | 2026-03-20
CVE-2026-32041 | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | CWE-306 | 6.9 | Medium | 2026-03-19
CVE-2026-32040 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation | CWE-79 | 4.6 | Medium | 2026-03-19
CVE-2026-32039 | OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender | CWE-639 | 5.9 | Medium | 2026-03-19
CVE-2026-32037 | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling | CWE-918 | 6.0 | Medium | 2026-03-19
CVE-2026-32038 | OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter | CWE-284 | 9.8 | Critical | 2026-03-19
CVE-2026-32036 | OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels | CWE-289 | 6.5 | Medium | 2026-03-19
CVE-2026-32035 | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | CWE-863 | 5.9 | Medium | 2026-03-19
CVE-2026-32034 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP | CWE-78 | 8.1 | High | 2026-03-19
CVE-2026-32033 | OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation | CWE-22 | 6.5 | Medium | 2026-03-19
CVE-2026-32032 | OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable | CWE-426 | 7.8 | High | 2026-03-19
CVE-2026-32031 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | CWE-288 | 4.8 | Medium | 2026-03-19
CVE-2026-32030 | OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal | CWE-22 | 7.5 | High | 2026-03-19
CVE-2026-32029 | OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing | CWE-345 | 5.3 | Medium | 2026-03-19
CVE-2026-32028 | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | CWE-863 | 5.3 | Medium | 2026-03-19
CVE-2026-32027 | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | CWE-863 | 6.5 | Medium | 2026-03-19
CVE-2026-32026 | OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox | CWE-22 | 6.5 | Medium | 2026-03-19
CVE-2026-32025 | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass | CWE-307 | 7.5 | High | 2026-03-19
CVE-2026-32024 | OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling | CWE-59 | 5.5 | Medium | 2026-03-19
CVE-2026-32022 | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass | CWE-184 | 6.5 | Medium | 2026-03-19
CVE-2026-32023 | OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run | CWE-863 | 7.1 | High | 2026-03-19
CVE-2026-32021 | OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom | CWE-863 | 6.5 | Medium | 2026-03-19
