Vulnerabilities in OpenClaw

537 results
CVE ID | Severity | Title | EPSS
CVE-2026-28363 | CRITICAL | In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compres | EPSS 0.5%
CVE-2026-35626 | MEDIUM | OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook | EPSS 0.5%
CVE-2026-26325 | HIGH | OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals | EPSS 0.5%
CVE-2026-45006 | HIGH | OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass | EPSS 0.5%
CVE-2026-28474 | CRITICAL | OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing | EPSS 0.5%
CVE-2026-35650 | HIGH | OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization | EPSS 0.5%
CVE-2026-26321 | HIGH | OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension | EPSS 0.5%
CVE-2026-41405 | HIGH | OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsing | EPSS 0.5%
CVE-2026-27002 | HIGH | OpenClaw: Docker container escape via unvalidated bind mount config injection | EPSS 0.5%
CVE-2026-28470 | CRITICAL | OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes | EPSS 0.5%
CVE-2026-41374 | MEDIUM | OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization | EPSS 0.5%
CVE-2026-41349 | HIGH | OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch | EPSS 0.5%
CVE-2026-41397 | HIGH | OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal | EPSS 0.5%
CVE-2026-29610 | HIGH | OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling | EPSS 0.5%
CVE-2026-32916 | CRITICAL | OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes | EPSS 0.5%
CVE-2026-3691 | MEDIUM | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability | EPSS 0.5%
CVE-2026-41343 | MEDIUM | OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency | EPSS 0.5%
CVE-2026-35639 | HIGH | OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation | EPSS 0.5%
CVE-2026-35627 | MEDIUM | OpenClaw < 2026.3.22 - Unauthenticated Cryptographic Work in Nostr Inbound DM Handling | EPSS 0.5%
CVE-2026-53836 | HIGH | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases | EPSS 0.5%