Vulnerabilities in OpenClaw

537 results
Vexday analysis

With 495 catalogued CVEs and none currently confirmed as being actively exploited, OpenClaw's profile shows a confirmed-exploitation rate below the overall average of the KEV catalogue. The figure that deserves immediate attention is the volume of 323 vulnerabilities that emerged in the last 90 days, indicating a high pace of recent discoveries that may not yet have drawn the attention of malicious actors but that considerably widens the attack surface. The most common flaw type is CWE-863 (incorrect authorization), which suggests structural weaknesses in access control, a category with high impact potential if exploited. The most dangerous CVE currently identified, CVE-2026-25253, has an EPSS of 0.0802, and although no public PoC is available, security teams should monitor its evolution given the accelerated growth in this vendor's vulnerability volume.

CVE ID | Severity | Title | EPSS
CVE-2026-25474 | HIGH | OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass | 0.2%
CVE-2026-32921 | MEDIUM | OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run | 0.2%
CVE-2026-41350 | MEDIUM | OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations | 0.2%
CVE-2026-35630 | HIGH | OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons | 0.2%
CVE-2026-26972 | MEDIUM | OpenClaw has a Path Traversal in Browser Download Functionality | 0.2%
CVE-2026-35642 | MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass | 0.2%
CVE-2026-43582 | MEDIUM | OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass | 0.2%
CVE-2026-32028 | MEDIUM | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | 0.2%
CVE-2026-22169 | HIGH | OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins | 0.2%
CVE-2026-28485 | HIGH | OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints | 0.2%
CVE-2026-32976 | HIGH | OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands | 0.2%
CVE-2026-53808 | MEDIUM | OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow | 0.2%
CVE-2026-35644 | HIGH | OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots | 0.2%
CVE-2026-32031 | MEDIUM | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | 0.2%
CVE-2026-53834 | HIGH | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands | 0.2%
CVE-2026-35625 | HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect | 0.2%
CVE-2026-53851 | MEDIUM | OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass | 0.2%
CVE-2026-32058 | LOW | OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node | 0.2%
CVE-2026-53831 | HIGH | OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist | 0.2%
CVE-2026-32039 | MEDIUM | OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender | 0.2%