Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

openclaw — Vulnerabilities & Security Advisories 338

Browse all 338 CVE security advisories affecting openclaw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by openclaw:OpenClawnextcloud-talkvoice-call
CVE IDTitleCVSSSeverityPublished
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass — OpenClawCWE-22 6.8 Medium2026-03-19
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip — OpenClawCWE-863 6.8 Medium2026-03-19
CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist — OpenClawCWE-863 3.1 Low2026-03-19
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route — OpenClawCWE-288 6.5 Medium2026-03-19
CVE-2026-32003 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run — OpenClawCWE-78 6.6 Medium2026-03-19
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass — OpenClawCWE-200 5.3 Medium2026-03-19
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication — OpenClawCWE-863 5.4 Medium2026-03-19
CVE-2026-32000 OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution — OpenClawCWE-78 7.1 High2026-03-19
CVE-2026-31998 OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds — OpenClawCWE-863 8.6 High2026-03-19
CVE-2026-31999 OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback — OpenClawCWE-78 6.3 Medium2026-03-19
CVE-2026-31997 OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals — OpenClawCWE-367 6.0 Medium2026-03-19
CVE-2026-31996 OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags — OpenClawCWE-78 4.4 Medium2026-03-19
CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation — OpenClawCWE-78 7.1 High2026-03-19
CVE-2026-31995 OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension — OpenClawCWE-78 5.3 Medium2026-03-19
CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains — OpenClawCWE-184 4.8 Medium2026-03-19
CVE-2026-31992 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S — OpenClawCWE-184 7.1 High2026-03-19
CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist — OpenClawCWE-863 3.7 Low2026-03-19
CVE-2026-31990 OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination — OpenClawCWE-59 6.1 Medium2026-03-19
CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect — OpenClawCWE-918 7.4 High2026-03-19
CVE-2026-29607 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence — OpenClawCWE-78 6.8 Medium2026-03-19
CVE-2026-29608 OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting — OpenClawCWE-88 6.7 Medium2026-03-19
CVE-2026-28461 OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn — OpenClawCWE-770 7.5 High2026-03-19
CVE-2026-28460 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run — OpenClawCWE-78 7.1 High2026-03-19
CVE-2026-27670 OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition — OpenClawCWE-367 5.3 Medium2026-03-19
CVE-2026-28449 OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression — OpenClawCWE-294 6.5 Medium2026-03-19
CVE-2026-27566 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run — OpenClawCWE-78 7.1 High2026-03-19
CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation — OpenClawCWE-78 6.1 Medium2026-03-19
CVE-2026-27545 OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind — OpenClawCWE-367 6.1 Medium2026-03-18
CVE-2026-27524 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path — OpenClawCWE-1321 4.3 Medium2026-03-18
CVE-2026-27523 OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths — OpenClawCWE-22 6.1 Medium2026-03-18

This page lists every published CVE security advisory associated with openclaw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.