Vulnerabilities in OpenClaw
537 results

CVE ID          Severity  Affected versions and title                                                                              EPSS
CVE-2026-35664  MEDIUM    OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks                                       0.3%
CVE-2026-35663  HIGH      OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim                        0.3%
CVE-2026-53843  HIGH      OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session                    0.3%
CVE-2026-28451  MEDIUM    OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching                                          0.3%
CVE-2026-29612  MEDIUM    OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding                            0.3%
CVE-2026-41362  LOW       OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication  0.3%
CVE-2026-34505  MEDIUM    OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation             0.3%
CVE-2026-32971  HIGH      OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands            0.3%
CVE-2026-35660  HIGH      OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset                        0.3%
CVE-2026-35619  MEDIUM    OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint                                 0.3%
CVE-2026-32001  MEDIUM    OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication                     0.3%
CVE-2026-34506  LOW       OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration  0.3%
CVE-2026-53828  HIGH      OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement                  0.3%
CVE-2026-53849  HIGH      OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom                0.3%
CVE-2026-28449  MEDIUM    OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression                      0.3%
CVE-2026-42436  MEDIUM    OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes         0.3%
CVE-2026-41402  LOW       OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass                          0.3%
CVE-2026-43576  MEDIUM    OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL                                0.3%
CVE-2026-44993  LOW       OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions                           0.3%
CVE-2026-53839  MEDIUM    OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation               0.3%