openclaw — Vulnerabilities & Security Advisories (350)

All 350 CVE vulnerabilities found in openclaw, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenClaw

CVE ID | Title | CWE | CVSS | Severity | Published
------ | ----- | --- | ---- | -------- | ---------
CVE-2026-32973 | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization | CWE-625 | 9.8 | Critical | 2026-03-29
CVE-2026-32974 | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token | CWE-347 | 8.6 | High | 2026-03-29
CVE-2026-32972 | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | CWE-863 | 7.1 | High | 2026-03-29
CVE-2026-32923 | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement | CWE-863 | 5.4 | Medium | 2026-03-29
CVE-2026-32924 | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | CWE-863 | 9.8 | Critical | 2026-03-29
CVE-2026-32922 | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate | CWE-266 | 9.9 | Critical | 2026-03-29
CVE-2026-32919 | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands | CWE-863 | 6.1 | Medium | 2026-03-29
CVE-2026-32915 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface | CWE-863 | 8.8 | High | 2026-03-29
CVE-2026-32918 | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool | CWE-863 | 8.4 | High | 2026-03-29
CVE-2026-32914 | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints | CWE-863 | 8.8 | High | 2026-03-29
CVE-2026-32846 | OpenClaw Media Parsing Path Traversal to Arbitrary File Read | CWE-22 | 8.6 | - | 2026-03-26
CVE-2026-32913 | OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects | CWE-522 | 9.3 | Critical | 2026-03-23
CVE-2026-27646 | OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command | CWE-863 | 6.1 | Medium | 2026-03-23
CVE-2026-27183 | OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch | CWE-863 | 5.3 | Medium | 2026-03-23
CVE-2026-32899 | OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers | CWE-863 | 4.3 | Medium | 2026-03-21
CVE-2026-32898 | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata | CWE-807 | 5.4 | Medium | 2026-03-21
CVE-2026-32897 | OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback | CWE-320 | 3.7 | Low | 2026-03-21
CVE-2026-32896 | OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin | CWE-306 | 4.8 | Medium | 2026-03-21
CVE-2026-32895 | OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers | CWE-863 | 5.4 | Medium | 2026-03-21
CVE-2026-32067 | OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store | CWE-863 | 3.7 | Low | 2026-03-21
CVE-2026-32065 | OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution | CWE-436 | 4.8 | Medium | 2026-03-21
CVE-2026-32064 | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer | CWE-306 | 7.7 | High | 2026-03-21
CVE-2026-32058 | OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node | CWE-863 | 2.6 | Low | 2026-03-21
CVE-2026-32057 | OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter | CWE-807 | 7.1 | High | 2026-03-21
CVE-2026-32056 | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run | CWE-78 | 7.5 | High | 2026-03-21
CVE-2026-32055 | OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink | CWE-22 | 7.6 | High | 2026-03-21
CVE-2026-32054 | OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling | CWE-59 | 6.5 | Medium | 2026-03-21
CVE-2026-32053 | OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization | CWE-294 | 6.5 | Medium | 2026-03-21
CVE-2026-32052 | OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers | CWE-436 | 6.4 | Medium | 2026-03-21
CVE-2026-32051 | OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access | CWE-863 | 8.8 | High | 2026-03-21