Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

openclaw — Vulnerabilities & Security Advisories 338

Browse all 338 CVE security advisories affecting openclaw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products openclaw:OpenClawnextcloud-talkvoice-call
CVE IDTitleCVSSSeverityPaused
CVE-2026-35634 OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway — OpenClawCWE-288 5.1 Medium2026-04-09
CVE-2026-35632 OpenClaw < 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update — OpenClawCWE-61 7.1 High2026-04-09
CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands — OpenClawCWE-862 6.5 Medium2026-04-09
CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions — OpenClawCWE-918 7.4 High2026-04-09
CVE-2026-35628 OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting — OpenClawCWE-307 4.8 Medium2026-04-09
CVE-2026-35627 OpenClaw < 2026.3.22 - Unauthenticated Cryptographic Work in Nostr Inbound DM Handling — OpenClawCWE-696 6.5 Medium2026-04-09
CVE-2026-35626 OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook — OpenClawCWE-405 5.3 Medium2026-04-09
CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect — OpenClawCWE-648 7.8 High2026-04-09
CVE-2026-35624 OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk — OpenClawCWE-807 4.2 Medium2026-04-09
CVE-2026-35623 OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting — OpenClawCWE-307 4.8 Medium2026-04-09
CVE-2026-35622 OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook — OpenClawCWE-290 5.9 Medium2026-04-09
CVE-2026-35618 OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification — OpenClawCWE-294 6.5 Medium2026-04-09
CVE-2026-35617 OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName — OpenClawCWE-807 4.2 Medium2026-04-09
CVE-2026-34512 OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint — OpenClawCWE-863 8.1 High2026-04-09
CVE-2026-40037 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects — OpenClawCWE-601 6.5 Medium2026-04-08
CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter — OpenClawCWE-330 5.3 Medium2026-04-03
CVE-2026-34426 OpenClaw - Approval Bypass via Environment Variable Normalization — OpenClawCWE-184 7.6 High2026-04-02
CVE-2026-34425 OpenClaw - Shell-Bleed Protection Preflight Validation Bypass — OpenClawCWE-184 5.4 Medium2026-04-02
CVE-2026-34510 OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders — OpenClawCWE-41 5.3 Medium2026-04-01
CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider — OpenClawCWE-918 8.3 High2026-03-31
CVE-2026-34503 OpenClaw < 2026.3.28 - Incomplete WebSocket Session Termination on Device Removal and Token Revocation — OpenClawCWE-613 8.1 High2026-03-31
CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters — OpenClawCWE-22 6.5 Medium2026-03-31
CVE-2026-33580 OpenClaw < 2026.3.28 - Brute Force Attack via Missing Rate Limiting on Webhook Shared Secret Authentication — OpenClawCWE-307 6.5 Medium2026-03-31
CVE-2026-33578 OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions — OpenClawCWE-863 4.3 Medium2026-03-31
CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval — OpenClawCWE-863 9.9 Critical2026-03-31
CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel — OpenClawCWE-863 6.5 Medium2026-03-31
CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve — OpenClawCWE-863 8.1 High2026-03-31
CVE-2026-34505 OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation — OpenClawCWE-307 6.5 Medium2026-03-31
CVE-2026-34506 OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration — OpenClawCWE-863 4.3 Medium2026-03-31
CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation — OpenClawCWE-367 7.5 High2026-03-31

This page lists every published CVE security advisory associated with openclaw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.