4:["$","div",null,{"className":"wrap","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"CollectionPage\",\"name\":\"Vulnerabilities in openclaw\",\"url\":\"https://vexday.io/en/vendor/openclaw\",\"isPartOf\":{\"@type\":\"WebSite\",\"name\":\"Vexday\",\"url\":\"https://vexday.io\"},\"mainEntity\":{\"@type\":\"ItemList\",\"numberOfItems\":537},\"breadcrumb\":{\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https://vexday.io/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technologies\",\"item\":\"https://vexday.io/en/vendors\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"openclaw\"}]}}"}}],["$","nav",null,{"className":"crumbs","children":[["$","$La",null,{"href":"/en","children":"Home"}]," ",["$","span",null,{"children":"/"}]," ",["$","$La",null,{"href":"/en/vendors","children":"Technologies"}]," ",["$","span",null,{"children":"/"}]," ",["$","b",null,{"children":"openclaw"}]]}],["$","div",null,{"className":"sec-head","style":{"marginTop":18},"children":[["$","h1",null,{"style":{"fontSize":"1.7rem","margin":0,"fontFamily":"var(--font-display)","fontWeight":700},"children":["Vulnerabilities in"," ",["$","span",null,{"style":{"color":"var(--orange)"},"children":"openclaw"}]]}],["$","span",null,{"className":"t","children":["537"," ","results"]}]]}],null,["$","div",null,{"className":"list","children":[["$","$La","CVE-2026-32043",{"className":"item","href":"/en/cve/CVE-2026-32043","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32043"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53818",{"className":"item","href":"/en/cve/CVE-2026-53818","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53818"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-32919",{"className":"item","href":"/en/cve/CVE-2026-32919","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32919"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-27545",{"className":"item","href":"/en/cve/CVE-2026-27545","children":[["$","span",null,{"className":"cid","children":"CVE-2026-27545"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53856",{"className":"item","href":"/en/cve/CVE-2026-53856","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53856"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53820",{"className":"item","href":"/en/cve/CVE-2026-53820","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53820"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53809",{"className":"item","href":"/en/cve/CVE-2026-53809","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53809"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53850",{"className":"item","href":"/en/cve/CVE-2026-53850","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53850"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-31997",{"className":"item","href":"/en/cve/CVE-2026-31997","children":[["$","span",null,{"className":"cid","children":"CVE-2026-31997"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-41360",{"className":"item","href":"/en/cve/CVE-2026-41360","children":[["$","span",null,{"className":"cid","children":"CVE-2026-41360"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-41338",{"className":"item","href":"/en/cve/CVE-2026-41338","children":[["$","span",null,{"className":"cid","children":"CVE-2026-41338"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53862",{"className":"item","href":"/en/cve/CVE-2026-53862","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53862"}],["$","span",null,{"className":"sevtag LOW","children":"LOW"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-33574",{"className":"item","href":"/en/cve/CVE-2026-33574","children":[["$","span",null,{"className":"cid","children":"CVE-2026-33574"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-27670",{"className":"item","href":"/en/cve/CVE-2026-27670","children":[["$","span",null,{"className":"cid","children":"CVE-2026-27670"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-32988",{"className":"item","href":"/en/cve/CVE-2026-32988","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32988"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-43529",{"className":"item","href":"/en/cve/CVE-2026-43529","children":[["$","span",null,{"className":"cid","children":"CVE-2026-43529"}],["$","span",null,{"className":"sevtag LOW","children":"LOW"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-32977",{"className":"item","href":"/en/cve/CVE-2026-32977","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32977"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}]]}],["$","div",null,{"className":"pagination","children":[["$","$La",null,{"href":"?page=26","children":"← previous"}],["$","span",null,{"className":"pgnum","children":["page"," ","27"," / ","27"]}],["$","span",null,{"className":"off","children":"next →"}]]}]]}]