Vulnerabilities in openclaw
537 results

CVE-2026-32035 | MEDIUM | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | EPSS 0.1%
CVE-2026-42428 | HIGH | OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads | EPSS 0.1%
CVE-2026-28482 | HIGH | OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters | EPSS 0.1%
CVE-2026-44995 | MEDIUM | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables | EPSS 0.1%
CVE-2026-35641 | HIGH | OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation | EPSS 0.1%
CVE-2026-28457 | MEDIUM | OpenClaw < 2026.2.14 - Path Traversal in Sandbox Skill Mirroring via Name Parameter | EPSS 0.1%
CVE-2026-32018 | LOW | OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations | EPSS 0.1%
CVE-2026-31990 | MEDIUM | OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination | EPSS 0.1%
CVE-2026-32009 | HIGH | OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins | EPSS 0.1%
CVE-2026-41336 | HIGH | OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override | EPSS 0.1%
CVE-2026-53842 | HIGH | OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable | EPSS 0.1%
CVE-2026-41295 | HIGH | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup | EPSS 0.1%
CVE-2026-28477 | MEDIUM | OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow | EPSS 0.1%
CVE-2026-32979 | HIGH | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval | EPSS 0.1%
CVE-2026-32044 | MEDIUM | OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation | EPSS 0.1%
CVE-2026-42432 | HIGH | OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass | EPSS 0.1%
CVE-2026-32020 | MEDIUM | OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler | EPSS 0.1%
CVE-2026-29608 | MEDIUM | OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting | EPSS 0.1%
CVE-2026-41294 | HIGH | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File | EPSS 0.1%
CVE-2026-41373 | MEDIUM | OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy | EPSS 0.1%