Vulnerabilities in OpenClaw
537 results

CVE-2026-22176 | MEDIUM | OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation | EPSS 0.6%
CVE-2026-22179 | HIGH | OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run | EPSS 0.6%
CVE-2026-33579 | CRITICAL | OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval | EPSS 0.6%
CVE-2026-32000 | MEDIUM | OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution | EPSS 0.6%
CVE-2026-35653 | HIGH | OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request | EPSS 0.6%
CVE-2026-31994 | MEDIUM | OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation | EPSS 0.6%
CVE-2026-32056 | HIGH | OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run | EPSS 0.6%
CVE-2026-33581 | HIGH | OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters | EPSS 0.6%
CVE-2026-41352 | HIGH | OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass | EPSS 0.5%
CVE-2026-32049 | HIGH | OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass | EPSS 0.5%
CVE-2026-43585 | CRITICAL | OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution | EPSS 0.5%
CVE-2026-32922 | CRITICAL | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate | EPSS 0.5%
CVE-2026-41364 | HIGH | OpenClaw < 2026.3.31 - Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload | EPSS 0.5%
CVE-2026-41400 | MEDIUM | OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call | EPSS 0.5%
CVE-2026-32980 | HIGH | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request | EPSS 0.5%
CVE-2026-32003 | HIGH | OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run | EPSS 0.5%
CVE-2026-31995 | MEDIUM | OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension | EPSS 0.5%
CVE-2026-32064 | HIGH | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer | EPSS 0.5%
CVE-2026-22172 | CRITICAL | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections | EPSS 0.5%
CVE-2026-28391 | CRITICAL | OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement | EPSS 0.5%