
OpenClaw — Vulnerabilities & Security Advisories 338

Browse all 338 CVE security advisories affecting OpenClaw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
--- | --- | --- | --- | --- | --- | ---
CVE-2026-32982 | OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs | OpenClaw | CWE-532 | 7.5 | High | 2026-03-31
CVE-2026-32977 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path | OpenClaw | CWE-367 | 6.3 | Medium | 2026-03-31
CVE-2026-32976 | OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands | OpenClaw | CWE-639 | 6.5 | Medium | 2026-03-31
CVE-2026-32970 | OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs | OpenClaw | CWE-636 | 2.5 | Low | 2026-03-31
CVE-2026-32971 | OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands | OpenClaw | CWE-451 | 7.1 | High | 2026-03-31
CVE-2026-32921 | OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run | OpenClaw | CWE-367 | 6.3 | Medium | 2026-03-31
CVE-2026-32920 | OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins | OpenClaw | CWE-829 | 8.4 | High | 2026-03-31
CVE-2026-32917 | OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP | OpenClaw | CWE-78 | 9.8 | Critical | 2026-03-31
CVE-2026-32916 | OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes | OpenClaw | CWE-266 | 9.4 | Critical | 2026-03-31
CVE-2026-33575 | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes | OpenClaw | CWE-522 | 7.5 | High | 2026-03-29
CVE-2026-33574 | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download | OpenClaw | CWE-367 | 6.2 | Medium | 2026-03-29
CVE-2026-33573 | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters | OpenClaw | CWE-668 | 8.8 | High | 2026-03-29
CVE-2026-33572 | OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files | OpenClaw | CWE-378 | 8.4 | High | 2026-03-29
CVE-2026-32987 | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing | OpenClaw | CWE-294 | 9.8 | Critical | 2026-03-29
CVE-2026-32980 | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request | OpenClaw | CWE-770 | 7.5 | High | 2026-03-29
CVE-2026-32979 | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval | OpenClaw | CWE-367 | 7.3 | High | 2026-03-29
CVE-2026-32978 | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners | OpenClaw | CWE-863 | 8.0 | High | 2026-03-29
CVE-2026-32975 | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist | OpenClaw | CWE-807 | 9.8 | Critical | 2026-03-29
CVE-2026-32974 | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token | OpenClaw | CWE-347 | 8.6 | High | 2026-03-29
CVE-2026-32973 | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization | OpenClaw | CWE-625 | 9.8 | Critical | 2026-03-29
CVE-2026-32972 | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | OpenClaw | CWE-863 | 7.1 | High | 2026-03-29
CVE-2026-32924 | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | OpenClaw | CWE-863 | 9.8 | Critical | 2026-03-29
CVE-2026-32923 | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement | OpenClaw | CWE-863 | 5.4 | Medium | 2026-03-29
CVE-2026-32922 | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate | OpenClaw | CWE-266 | 9.9 | Critical | 2026-03-29
CVE-2026-32919 | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands | OpenClaw | CWE-863 | 6.1 | Medium | 2026-03-29
CVE-2026-32915 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface | OpenClaw | CWE-863 | 8.8 | High | 2026-03-29
CVE-2026-32918 | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool | OpenClaw | CWE-863 | 8.4 | High | 2026-03-29
CVE-2026-32914 | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints | OpenClaw | CWE-863 | 8.8 | High | 2026-03-29
CVE-2026-32846 | OpenClaw Media Parsing Path Traversal to Arbitrary File Read | OpenClaw | CWE-22 | 8.6 | - | 2026-03-26
CVE-2026-32913 | OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects | OpenClaw | CWE-522 | 9.3 | Critical | 2026-03-23

This page lists every published CVE security advisory associated with OpenClaw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.