Vulnerabilities in OpenClaw

537 results
CVE | Severity | Title | EPSS
CVE-2026-35661 | MEDIUM | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass | 0.3%
CVE-2026-35647 | MEDIUM | OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices | 0.3%
CVE-2026-28475 | MEDIUM | OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison | 0.3%
CVE-2026-26319 | HIGH | OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests | 0.3%
CVE-2026-35618 | HIGH | OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification | 0.3%
CVE-2026-41339 | MEDIUM | OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot | 0.3%
CVE-2026-26328 | MEDIUM | OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities | 0.3%
CVE-2026-32005 | HIGH | OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip | 0.3%
CVE-2026-42426 | HIGH | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope | 0.3%
CVE-2026-42422 | HIGH | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function | 0.3%
CVE-2026-53814 | HIGH | OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority | 0.3%
CVE-2026-28473 | HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command | 0.3%
CVE-2026-32048 | HIGH | OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn | 0.3%
CVE-2026-35645 | MEDIUM | OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession | 0.3%
CVE-2026-43527 | MEDIUM | OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation | 0.3%
CVE-2026-45002 | MEDIUM | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping | 0.3%
CVE-2026-35649 | MEDIUM | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist | 0.3%
CVE-2026-41354 | MEDIUM | OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys | 0.3%
CVE-2026-41340 | MEDIUM | OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration | 0.3%
CVE-2026-35664 | MEDIUM | OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks | 0.3%