Vulnerabilities in OpenClaw

537 results
CVE-2026-43574  MEDIUM  OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists  (EPSS 0.2%)
CVE-2026-35646  MEDIUM  OpenClaw < 2026.3.25 - Pre-Authentication Rate-Limit Bypass in Webhook Token Validation  (EPSS 0.2%)
CVE-2026-41379  HIGH    OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config  (EPSS 0.2%)
CVE-2026-28476  MEDIUM  OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication  (EPSS 0.2%)
CVE-2026-42439  MEDIUM  OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes  (EPSS 0.2%)
CVE-2026-35624  LOW     OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk  (EPSS 0.2%)
CVE-2026-41387  HIGH    OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization  (EPSS 0.2%)
CVE-2026-31999  MEDIUM  OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback  (EPSS 0.2%)
CVE-2026-53861  MEDIUM  OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS  (EPSS 0.2%)
CVE-2026-42429  MEDIUM  OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication  (EPSS 0.2%)
CVE-2026-40037  HIGH    OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects  (EPSS 0.2%)
CVE-2026-41368  HIGH    OpenClaw < 2026.3.28 - Environment Variable Disclosure via jq $ENV Filter Bypass  (EPSS 0.2%)
CVE-2026-32027  HIGH    OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist  (EPSS 0.2%)
CVE-2026-34511  MEDIUM  OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter  (EPSS 0.2%)
CVE-2026-41910  LOW     OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes  (EPSS 0.2%)
CVE-2026-44991  LOW     OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders  (EPSS 0.2%)
CVE-2026-27524  LOW     OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path  (EPSS 0.2%)
CVE-2026-41297  MEDIUM  OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect  (EPSS 0.2%)
CVE-2026-44117  MEDIUM  OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload  (EPSS 0.2%)
CVE-2026-42438  MEDIUM  OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads  (EPSS 0.2%)