Vulnerabilidades em OpenClaw
537 resultadosCVE-2026-32982HIGHOpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error LogsEPSS 0.4%CVE-2026-32011HIGHOpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body ParsingEPSS 0.4%CVE-2026-41346MEDIUMOpenClaw 2026.2.26 < 2026.3.31 - Denial of Service via Improper Pending Pairing Request Cap EnforcementEPSS 0.4%CVE-2026-41370HIGHOpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP DispatchEPSS 0.4%CVE-2026-42437HIGHOpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime PathEPSS 0.4%CVE-2026-32051HIGHOpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool AccessEPSS 0.4%CVE-2026-28453HIGHOpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive ExtractionEPSS 0.4%CVE-2026-26329HIGHOpenClaw has a path traversal in browser upload allows local file readEPSS 0.4%CVE-2026-29613HIGHOpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress TrustEPSS 0.4%CVE-2026-41303HIGHOpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval CommandsEPSS 0.4%CVE-2026-42435HIGHOpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment InjectionEPSS 0.4%CVE-2026-32973HIGHOpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path NormalizationEPSS 0.4%CVE-2026-22168HIGHOpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.runEPSS 0.4%CVE-2026-28456HIGHOpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path HandlingEPSS 0.4%CVE-2026-32008HIGHOpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation GuardEPSS 0.4%CVE-2026-43575CRITICALOpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper RouteEPSS 0.4%CVE-2026-32045HIGHOpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale AuthEPSS 0.4%CVE-2026-28467MEDIUMOpenClaw < 2026.2.2 - SSRF via Attachment Media URL HydrationEPSS 0.4%CVE-2026-28395MEDIUMOpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrlEPSS 0.4%CVE-2026-43584HIGHOpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec PolicyEPSS 0.4%