Vulnerabilities in openclaw
537 results

CVE-2026-32007 | HIGH | OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass | EPSS 0.4%
CVE-2026-28459 | HIGH | OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path | EPSS 0.4%
CVE-2026-44115 | HIGH | OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist | EPSS 0.4%
CVE-2026-8621 | HIGH | Crabbox < v0.12.0 Authentication Bypass via Header Spoofing | EPSS 0.4%
CVE-2026-35623 | MEDIUM | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting | EPSS 0.4%
CVE-2026-35633 | MEDIUM | OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses | EPSS 0.4%
CVE-2026-28472 | CRITICAL | OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake | EPSS 0.4%
CVE-2026-43530 | HIGH | OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution | EPSS 0.4%
CVE-2026-33576 | MEDIUM | OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel | EPSS 0.4%
CVE-2026-28447 | HIGH | OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package Name | EPSS 0.4%
CVE-2026-28461 | HIGH | OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn | EPSS 0.4%
CVE-2026-32987 | CRITICAL | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing | EPSS 0.4%
CVE-2026-53853 | HIGH | OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS | EPSS 0.3%
CVE-2026-28392 | HIGH | OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages | EPSS 0.3%
CVE-2026-42434 | HIGH | OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing | EPSS 0.3%
CVE-2026-34512 | HIGH | OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint | EPSS 0.3%
CVE-2026-32030 | HIGH | OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal | EPSS 0.3%
CVE-2026-32026 | HIGH | OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox | EPSS 0.3%
CVE-2026-41408 | LOW | OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass | EPSS 0.3%
CVE-2026-53816 | HIGH | OpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node | EPSS 0.3%