
openclaw — Vulnerabilities & Security Advisories (338)

Browse all 338 CVE security advisories affecting openclaw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-41909 | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions | OpenClaw | CWE-863 | 5.4 | Medium | 2026-04-23
CVE-2026-41908 | OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route | OpenClaw | CWE-863 | 4.3 | Medium | 2026-04-23
CVE-2026-41331 | OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription | OpenClaw | CWE-408 | 5.3 | Medium | 2026-04-20
CVE-2026-41330 | OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy | OpenClaw | CWE-453 | 4.4 | Medium | 2026-04-20
CVE-2026-41329 | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation | OpenClaw | CWE-648 | 9.9 | Critical | 2026-04-20
CVE-2026-41303 | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands | OpenClaw | CWE-863 | 8.8 | High | 2026-04-20
CVE-2026-41302 | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | OpenClaw | CWE-918 | 7.6 | High | 2026-04-20
CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass | OpenClaw | CWE-347 | 5.3 | Medium | 2026-04-20
CVE-2026-41300 | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding | OpenClaw | CWE-372 | 6.5 | Medium | 2026-04-20
CVE-2026-41299 | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard | OpenClaw | CWE-807 | 7.1 | High | 2026-04-20
CVE-2026-41298 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | OpenClaw | CWE-862 | 5.4 | Medium | 2026-04-20
CVE-2026-41297 | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect | OpenClaw | CWE-918 | 7.6 | High | 2026-04-20
CVE-2026-41295 | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup | OpenClaw | CWE-829 | 7.8 | High | 2026-04-20
CVE-2026-41296 | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile | OpenClaw | CWE-367 | 8.2 | High | 2026-04-20
CVE-2026-41294 | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File | OpenClaw | CWE-15 | 8.6 | High | 2026-04-20
CVE-2026-40045 | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints | OpenClaw | CWE-319 | 5.7 | Medium | 2026-04-20
CVE-2026-41389 | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths | OpenClaw | CWE-73 | 5.8 | Medium | 2026-04-20
CVE-2026-3691 | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability | OpenClaw | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-04-11
CVE-2026-3690 | OpenClaw Canvas Authentication Bypass Vulnerability | OpenClaw | CWE-291 | 9.8 (AI) | Critical (AI) | 2026-04-11
CVE-2026-3689 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability | OpenClaw | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-04-11
CVE-2026-35670 | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat | OpenClaw | CWE-807 | 5.9 | Medium | 2026-04-10
CVE-2026-35669 | OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope | OpenClaw | CWE-648 | 8.8 | High | 2026-04-10
CVE-2026-35668 | OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters | OpenClaw | CWE-22 | 7.7 | High | 2026-04-10
CVE-2026-35666 | OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper | OpenClaw | CWE-706 | 8.8 | High | 2026-04-10
CVE-2026-35667 | OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell-utils.ts | OpenClaw | CWE-404 | 6.1 | Medium | 2026-04-10
CVE-2026-35665 | OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing | OpenClaw | CWE-405 | 5.3 | Medium | 2026-04-10
CVE-2026-35663 | OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim | OpenClaw | CWE-648 | 8.8 | High | 2026-04-10
CVE-2026-35664 | OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks | OpenClaw | CWE-288 | 5.3 | Medium | 2026-04-10
CVE-2026-35662 | OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action | OpenClaw | CWE-862 | 4.3 | Medium | 2026-04-10
CVE-2026-35661 | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass | OpenClaw | CWE-288 | 5.3 | Medium | 2026-04-10

(AI): the CVSS score and severity carried an "AI" badge on the original listing.

This page lists every published CVE security advisory associated with openclaw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.