Vulnerabilities in openclaw
537 results

CVE-2026-28479 | HIGH | OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration | EPSS 0.2%
CVE-2026-41348 | LOW | OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands | EPSS 0.2%
CVE-2026-41365 | MEDIUM | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History | EPSS 0.2%
CVE-2026-53847 | MEDIUM | OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope | EPSS 0.2%
CVE-2026-32906 | LOW | OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate | EPSS 0.2%
CVE-2026-53833 | HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command | EPSS 0.2%
CVE-2026-32037 | LOW | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling | EPSS 0.2%
CVE-2026-41909 | MEDIUM | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions | EPSS 0.2%
CVE-2026-53860 | LOW | OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles | EPSS 0.2%
CVE-2026-53863 | MEDIUM | OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy | EPSS 0.2%
CVE-2026-28463 | HIGH | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist | EPSS 0.2%
CVE-2026-27008 | MEDIUM | OpenClaw hardened the skill download target directory validation | EPSS 0.2%
CVE-2026-53835 | LOW | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings | EPSS 0.2%
CVE-2026-41367 | MEDIUM | OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions | EPSS 0.2%
CVE-2026-32067 | LOW | OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store | EPSS 0.2%
CVE-2026-27576 | MEDIUM | OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs | EPSS 0.2%
CVE-2026-41376 | LOW | OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation | EPSS 0.2%
CVE-2026-27007 | MEDIUM | OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation | EPSS 0.2%
CVE-2026-35673 | MEDIUM | OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes | EPSS 0.2%
CVE-2026-32302 | HIGH | OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode | EPSS 0.2%