Vulnerabilities in openclaw

537 results
CVE-2026-28458 | HIGH | OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint | EPSS 0.3%
CVE-2026-32025 | HIGH | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass | EPSS 0.3%
CVE-2026-35622 | MEDIUM | OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook | EPSS 0.3%
CVE-2026-29611 | HIGH | OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling | EPSS 0.3%
CVE-2026-27486 | MEDIUM | OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup | EPSS 0.3%
CVE-2026-44116 | MEDIUM | OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation | EPSS 0.3%
CVE-2026-31993 | MEDIUM | OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains | EPSS 0.3%
CVE-2026-29606 | MEDIUM | OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility | EPSS 0.3%
CVE-2026-32065 | MEDIUM | OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution | EPSS 0.3%
CVE-2026-53821 | HIGH | OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket | EPSS 0.3%
CVE-2026-45005 | MEDIUM | OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation | EPSS 0.3%
CVE-2026-32046 | MEDIUM | OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag | EPSS 0.3%
CVE-2026-35638 | HIGH | OpenClaw < 2026.3.22 - Privilege Escalation via Self-Declared Scopes in Trusted-Proxy Control UI | EPSS 0.3%
CVE-2026-44110 | HIGH | OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store | EPSS 0.3%
CVE-2026-32972 | HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | EPSS 0.3%
CVE-2026-43578 | CRITICAL | OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade | EPSS 0.3%
CVE-2026-35628 | MEDIUM | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting | EPSS 0.3%
CVE-2026-35658 | MEDIUM | OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool | EPSS 0.3%
CVE-2026-41394 | HIGH | OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes | EPSS 0.3%
CVE-2026-32010 | MEDIUM | OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter | EPSS 0.3%