Vulnerabilities in openclaw
537 results

CVE-2026-40045 | MEDIUM | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints | EPSS 0.1%
CVE-2026-53846 | HIGH | OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath | EPSS 0.1%
CVE-2026-41390 | HIGH | OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper | EPSS 0.1%
CVE-2026-35659 | MEDIUM | OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery | EPSS 0.1%
CVE-2026-41393 | MEDIUM | OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance and Credential Exfiltration via Wide-Area Discovery | EPSS 0.1%
CVE-2026-41915 | MEDIUM | OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment | EPSS 0.1%
CVE-2026-53813 | HIGH | OpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution | EPSS 0.1%
CVE-2026-41398 | LOW | OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge | EPSS 0.1%
CVE-2026-41347 | LOW | OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints | EPSS 0.1%
CVE-2026-44118 | HIGH | OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header | EPSS 0.1%
CVE-2026-32041 | HIGH | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | EPSS 0.1%
CVE-2026-27183 | LOW | OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch | EPSS 0.1%
CVE-2026-41332 | MEDIUM | OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist | EPSS 0.1%
CVE-2026-45003 | MEDIUM | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files | EPSS 0.1%
CVE-2026-27004 | MEDIUM | OpenClaw session tool visibility hardening and Telegram webhook secret fallback | EPSS 0.1%
CVE-2026-27646 | MEDIUM | OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command | EPSS 0.1%
CVE-2026-32970 | LOW | OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs | EPSS 0.1%
CVE-2026-53832 | HIGH | OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration | EPSS 0.1%
CVE-2026-32918 | CRITICAL | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool | EPSS 0.1%
CVE-2026-26327 | HIGH | OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning | EPSS 0.1%