Vulnerabilities in OpenClaw

537 results
CVE-2026-25253 | HIGH | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket conne | EPSS 8.0%
CVE-2026-44112 | HIGH | OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes | EPSS 2.4%
CVE-2026-32917 | CRITICAL | OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP | EPSS 2.0%
CVE-2026-26323 | HIGH | OpenClaw has a command injection in maintainer clawtributors updater | EPSS 1.7%
CVE-2026-27487 | HIGH | OpenClaw: Prevent shell injection in macOS keychain credential write | EPSS 1.2%
CVE-2026-32063 | MEDIUM | OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation | EPSS 1.1%
CVE-2026-53822 | HIGH | OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution | EPSS 1.0%
CVE-2026-3689 | MEDIUM | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability | EPSS 0.9%
CVE-2026-25157 | HIGH | OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand | EPSS 0.9%
CVE-2026-32052 | MEDIUM | OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers | EPSS 0.9%
CVE-2026-25475 | MEDIUM | OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction | EPSS 0.7%
CVE-2026-8634 | CRITICAL | Crabbox < v0.12.0 Environment Variable Information Disclosure | EPSS 0.7%
CVE-2026-32060 | HIGH | OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths | EPSS 0.7%
CVE-2026-44109 | CRITICAL | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | EPSS 0.7%
CVE-2026-44998 | LOW | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | EPSS 0.7%
CVE-2026-32846 | HIGH | OpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File Read | EPSS 0.7%
CVE-2026-3690 | HIGH | OpenClaw Canvas Authentication Bypass Vulnerability | EPSS 0.7%
CVE-2026-28446 | CRITICAL | OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching | EPSS 0.7%
CVE-2026-25593 | HIGH | OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply | EPSS 0.6%
CVE-2026-32013 | HIGH | OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods | EPSS 0.6%