Vulnerabilities in OpenClaw

537 results
Vexday Analysis

With 495 CVEs catalogued and none currently confirmed as under active exploitation, OpenClaw's profile shows a confirmed-exploitation rate below the overall average of the KEV catalog. The figure that deserves immediate attention is the volume of 323 vulnerabilities that have emerged in the last 90 days, indicating a high rate of recent discoveries that may not yet have attracted the attention of malicious actors but that considerably widens the attack surface. The most common flaw type is CWE-863 (incorrect authorization), which suggests structural weaknesses in access control, a category with high impact potential if exploited. The most dangerous CVE currently identified, CVE-2026-25253, has an EPSS of 0.0802, and although no public PoC is available, security teams should monitor its evolution given the rapidly growing volume of vulnerabilities for this vendor.

CVE ID | Severity | Title | EPSS
CVE-2026-27484 | LOW | OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows | EPSS 0.2%
CVE-2026-43534 | CRITICAL | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | EPSS 0.2%
CVE-2026-32014 | HIGH | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | EPSS 0.2%
CVE-2026-32029 | MEDIUM | OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing | EPSS 0.2%
CVE-2026-53837 | MEDIUM | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers | EPSS 0.2%
CVE-2026-42427 | MEDIUM | OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection | EPSS 0.2%
CVE-2026-42430 | MEDIUM | OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling | EPSS 0.2%
CVE-2026-53841 | LOW | OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML | EPSS 0.2%
CVE-2026-53826 | LOW | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn | EPSS 0.2%
CVE-2026-41298 | MEDIUM | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | EPSS 0.2%
CVE-2026-41356 | LOW | OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate | EPSS 0.2%
CVE-2026-42421 | LOW | OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation | EPSS 0.2%
CVE-2026-53845 | LOW | OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping | EPSS 0.2%
CVE-2026-53848 | LOW | OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers | EPSS 0.2%
CVE-2026-31989 | MEDIUM | OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect | EPSS 0.2%
CVE-2026-41366 | MEDIUM | OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting | EPSS 0.2%
CVE-2026-53824 | MEDIUM | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay | EPSS 0.2%
CVE-2026-42424 | MEDIUM | OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths | EPSS 0.2%
CVE-2026-32895 | MEDIUM | OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers | EPSS 0.2%
CVE-2026-32978 | CRITICAL | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners | EPSS 0.2%