Vulnerabilities in openclaw
537 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-44993 | LOW | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions | 0.3% |
| CVE-2026-41389 | MEDIUM | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths | 0.3% |
| CVE-2026-35621 | HIGH | OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence | 0.3% |
| CVE-2026-43580 | MEDIUM | OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions | 0.3% |
| CVE-2026-32897 | MEDIUM | OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback | 0.3% |
| CVE-2026-53866 | HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing | 0.3% |
| CVE-2026-34426 | MEDIUM | OpenClaw - Approval Bypass via Environment Variable Normalization | 0.3% |
| CVE-2026-53855 | HIGH | OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks | 0.3% |
| CVE-2026-35651 | MEDIUM | OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt | 0.3% |
| CVE-2026-28481 | MEDIUM | OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching | 0.3% |
| CVE-2026-41403 | MEDIUM | OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification | 0.3% |
| CVE-2026-43532 | MEDIUM | OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image | 0.3% |
| CVE-2026-35636 | HIGH | OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution | 0.3% |
| CVE-2026-32022 | MEDIUM | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass | 0.3% |
| CVE-2026-32017 | MEDIUM | OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist | 0.3% |
| CVE-2026-42431 | HIGH | OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass | 0.3% |
| CVE-2026-32898 | MEDIUM | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata | 0.3% |
| CVE-2026-28454 | HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via Unauthenticated Telegram Webhook | 0.3% |
| CVE-2026-41371 | HIGH | OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command | 0.3% |
| CVE-2026-22170 | MEDIUM | OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration | 0.3% |