Vulnerabilities in openclaw
537 results

CVE-2026-27484 | LOW | OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows | EPSS 0.2%
CVE-2026-43534 | CRITICAL | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | EPSS 0.2%
CVE-2026-32014 | HIGH | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | EPSS 0.2%
CVE-2026-32029 | MEDIUM | OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing | EPSS 0.2%
CVE-2026-53837 | MEDIUM | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers | EPSS 0.2%
CVE-2026-42427 | MEDIUM | OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection | EPSS 0.2%
CVE-2026-42430 | MEDIUM | OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling | EPSS 0.2%
CVE-2026-53841 | LOW | OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML | EPSS 0.2%
CVE-2026-53826 | LOW | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn | EPSS 0.2%
CVE-2026-41298 | MEDIUM | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | EPSS 0.2%
CVE-2026-41356 | LOW | OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate | EPSS 0.2%
CVE-2026-42421 | LOW | OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation | EPSS 0.2%
CVE-2026-53845 | LOW | OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping | EPSS 0.2%
CVE-2026-53848 | LOW | OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers | EPSS 0.2%
CVE-2026-31989 | MEDIUM | OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect | EPSS 0.2%
CVE-2026-41366 | MEDIUM | OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting | EPSS 0.2%
CVE-2026-53824 | MEDIUM | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay | EPSS 0.2%
CVE-2026-42424 | MEDIUM | OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths | EPSS 0.2%
CVE-2026-32895 | MEDIUM | OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers | EPSS 0.2%
CVE-2026-32978 | CRITICAL | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners | EPSS 0.2%