Vulnerabilities in OpenClaw

537 results
CVE-2026-35670 | MEDIUM | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat | EPSS 0.2%
CVE-2026-35617 | LOW | OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName | EPSS 0.2%
CVE-2026-53829 | HIGH | OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display | EPSS 0.2%
CVE-2026-41359 | HIGH | OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence | EPSS 0.2%
CVE-2026-35657 | HIGH | OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route | EPSS 0.2%
CVE-2026-43572 | MEDIUM | OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler | EPSS 0.2%
CVE-2026-28471 | MEDIUM | OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin | EPSS 0.2%
CVE-2026-41377 | MEDIUM | OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation | EPSS 0.2%
CVE-2026-32905 | HIGH | OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command | EPSS 0.2%
CVE-2026-41337 | MEDIUM | OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay | EPSS 0.2%
CVE-2026-27009 | MEDIUM | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection | EPSS 0.2%
CVE-2026-35655 | MEDIUM | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution | EPSS 0.2%
CVE-2026-34504 | MEDIUM | OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider | EPSS 0.2%
CVE-2026-35654 | MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke | EPSS 0.2%
CVE-2026-44111 | LOW | OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get | EPSS 0.2%
CVE-2026-41407 | MEDIUM | OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret Comparison | EPSS 0.2%
CVE-2026-53857 | HIGH | OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy | EPSS 0.2%
CVE-2026-41406 | LOW | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages | EPSS 0.2%
CVE-2026-35631 | HIGH | OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands | EPSS 0.2%
CVE-2026-41302 | MEDIUM | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | EPSS 0.2%