Vulnerabilities in openclaw
537 results

CVE | Severity | Title | EPSS
CVE-2026-28486 | MEDIUM | OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extraction via Installation Commands | 0.2%
CVE-2026-31991 | LOW | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist | 0.2%
CVE-2026-41357 | LOW | OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends | 0.2%
CVE-2026-44999 | MEDIUM | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events | 0.2%
CVE-2026-32923 | MEDIUM | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement | 0.2%
CVE-2026-41395 | HIGH | OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3 | 0.1%
CVE-2026-32040 | LOW | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation | 0.1%
CVE-2026-34507 | LOW | OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks | 0.1%
CVE-2026-35667 | MEDIUM | OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell-utils.ts | 0.1%
CVE-2026-32061 | MEDIUM | OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal | 0.1%
CVE-2026-45004 | HIGH | OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory | 0.1%
CVE-2026-45224 | MEDIUM | Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution | 0.1%
CVE-2026-41384 | HIGH | OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend | 0.1%
CVE-2026-32915 | CRITICAL | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface | 0.1%
CVE-2026-27003 | MEDIUM | OpenClaw: Telegram bot token exposure via logs | 0.1%
CVE-2026-28468 | HIGH | OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server | 0.1%
CVE-2026-35634 | MEDIUM | OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway | 0.1%
CVE-2026-41358 | LOW | OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context | 0.1%
CVE-2026-31996 | LOW | OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags | 0.1%
CVE-2026-26317 | HIGH | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints | 0.1%