
openclaw — Vulnerabilities & Security Advisories 338

Browse all 338 CVE security advisories affecting openclaw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products (openclaw): OpenClaw, nextcloud-talk, voice-call
| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-32037 | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling | OpenClaw | CWE-918 | 6.0 | Medium | 2026-03-19 |
| CVE-2026-32038 | OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter | OpenClaw | CWE-284 | 9.8 | Critical | 2026-03-19 |
| CVE-2026-32036 | OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels | OpenClaw | CWE-289 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32035 | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | OpenClaw | CWE-863 | 5.9 | Medium | 2026-03-19 |
| CVE-2026-32034 | OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP | OpenClaw | CWE-78 | 8.1 | High | 2026-03-19 |
| CVE-2026-32033 | OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary Validation | OpenClaw | CWE-22 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32032 | OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable | OpenClaw | CWE-426 | 7.8 | High | 2026-03-19 |
| CVE-2026-32031 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | OpenClaw | CWE-288 | 4.8 | Medium | 2026-03-19 |
| CVE-2026-32030 | OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal | OpenClaw | CWE-22 | 7.5 | High | 2026-03-19 |
| CVE-2026-32029 | OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing | OpenClaw | CWE-345 | 5.3 | Medium | 2026-03-19 |
| CVE-2026-32028 | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | OpenClaw | CWE-863 | 5.3 | Medium | 2026-03-19 |
| CVE-2026-32027 | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | OpenClaw | CWE-863 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32026 | OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox | OpenClaw | CWE-22 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32025 | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass | OpenClaw | CWE-307 | 7.5 | High | 2026-03-19 |
| CVE-2026-32024 | OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling | OpenClaw | CWE-59 | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32022 | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass | OpenClaw | CWE-184 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32023 | OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run | OpenClaw | CWE-863 | 7.1 | High | 2026-03-19 |
| CVE-2026-32021 | OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom | OpenClaw | CWE-863 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32020 | OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler | OpenClaw | CWE-59 | 3.3 | Low | 2026-03-19 |
| CVE-2026-32019 | OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard | OpenClaw | CWE-918 | 7.4 | High | 2026-03-19 |
| CVE-2026-32018 | OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations | OpenClaw | CWE-362 | 3.6 | Low | 2026-03-19 |
| CVE-2026-32017 | OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist | OpenClaw | CWE-184 | 7.1 | High | 2026-03-19 |
| CVE-2026-32016 | OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS | OpenClaw | CWE-426 | 7.8 | High | 2026-03-19 |
| CVE-2026-32015 | OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation | OpenClaw | CWE-426 | 7.8 | High | 2026-03-19 |
| CVE-2026-32014 | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | OpenClaw | CWE-290 | 8.0 | High | 2026-03-19 |
| CVE-2026-32013 | OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods | OpenClaw | CWE-59 | 8.8 | High | 2026-03-19 |
| CVE-2026-32011 | OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing | OpenClaw | CWE-770 | 7.5 | High | 2026-03-19 |
| CVE-2026-32010 | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter | OpenClaw | CWE-78 | 6.3 | Medium | 2026-03-19 |
| CVE-2026-32009 | OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins | OpenClaw | CWE-426 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32008 | OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard | OpenClaw | CWE-610 | 6.5 | Medium | 2026-03-19 |

This page lists every published CVE security advisory associated with openclaw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.