Filtered by vendor Openclaw
Subscribe
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41303 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests. | |||||
| CVE-2026-41329 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 9.9 CRITICAL |
| OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation. | |||||
| CVE-2026-41330 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 4.4 MEDIUM |
| OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement. | |||||
| CVE-2026-41331 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied. | |||||
| CVE-2026-41294 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 8.6 HIGH |
| OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup. | |||||
| CVE-2026-41295 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 7.8 HIGH |
| OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted. | |||||
| CVE-2026-41296 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 8.2 HIGH |
| OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. | |||||
| CVE-2026-41297 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 7.6 HIGH |
| OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive downloads, enabling remote attackers to redirect requests to arbitrary internal or external servers. | |||||
| CVE-2026-40045 | 1 Openclaw | 1 Openclaw | 2026-04-24 | N/A | 5.7 MEDIUM |
| OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials. | |||||
| CVE-2026-34511 | 1 Openclaw | 1 Openclaw | 2026-04-22 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption. | |||||
| CVE-2026-28476 | 1 Openclaw | 1 Openclaw | 2026-04-21 | N/A | 8.3 HIGH |
| OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP requests to arbitrary hosts including internal addresses. | |||||
| CVE-2026-32018 | 1 Openclaw | 1 Openclaw | 2026-04-20 | N/A | 3.6 LOW |
| OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data, resurrect removed entries, or corrupt sandbox state affecting list, prune, and recreate operations. | |||||
| CVE-2026-32019 | 1 Openclaw | 1 Openclaw | 2026-04-20 | N/A | 7.4 HIGH |
| OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch functionality to access blocked addresses such as 198.18.0.0/15 and other non-global ranges. | |||||
| CVE-2026-32035 | 1 Openclaw | 1 Openclaw | 2026-04-20 | N/A | 5.9 MEDIUM |
| OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in mixed-trust channels. | |||||
| CVE-2026-35618 | 1 Openclaw | 1 Openclaw | 2026-04-17 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests. | |||||
| CVE-2026-35622 | 1 Openclaw | 1 Openclaw | 2026-04-17 | N/A | 5.9 MEDIUM |
| OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration. | |||||
| CVE-2026-35624 | 1 Openclaw | 1 Openclaw | 2026-04-17 | N/A | 4.2 MEDIUM |
| OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms. | |||||
| CVE-2026-35627 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion. | |||||
| CVE-2026-35634 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 5.1 MEDIUM |
| OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access. | |||||
| CVE-2026-35636 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 6.5 MEDIUM |
| OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. | |||||