Vulnerabilities in openclaw

537 results
CVE ID | Severity | Title | EPSS

CVE-2026-35665 | MEDIUM | OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing | EPSS 0.3%
CVE-2026-27488 | MEDIUM | OpenClaw hardened cron webhook delivery against SSRF | EPSS 0.3%
CVE-2026-41911 | MEDIUM | OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image | EPSS 0.3%
CVE-2026-35632 | MEDIUM | OpenClaw <= 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update | EPSS 0.3%
CVE-2026-43570 | MEDIUM | OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling | EPSS 0.3%
CVE-2026-32055 | HIGH | OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink | EPSS 0.3%
CVE-2026-31998 | HIGH | OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds | EPSS 0.3%
CVE-2026-34510 | MEDIUM | OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders | EPSS 0.3%
CVE-2026-26316 | HIGH | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust | EPSS 0.3%
CVE-2026-28452 | MEDIUM | OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive | EPSS 0.3%
CVE-2026-41399 | HIGH | OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades | EPSS 0.3%
CVE-2026-44994 | MEDIUM | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint | EPSS 0.3%
CVE-2026-32913 | HIGH | OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects | EPSS 0.3%
CVE-2026-42423 | HIGH | OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback | EPSS 0.3%
CVE-2026-32002 | MEDIUM | OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass | EPSS 0.3%
CVE-2026-41334 | HIGH | OpenClaw < 2026.3.31 - Decompression Bomb Denial of Service via Image Pixel-Limit Guard Bypass | EPSS 0.3%
CVE-2026-35656 | MEDIUM | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter | EPSS 0.3%
CVE-2026-53807 | HIGH | OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom | EPSS 0.3%
CVE-2026-22178 | MEDIUM | OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata | EPSS 0.3%
CVE-2026-32924 | MEDIUM | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | EPSS 0.3%