Filtered by vendor Openclaw
Total: 473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-35617 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 4.2 MEDIUM |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources. | |||||
| CVE-2026-35623 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication and gain unauthorized access. | |||||
| CVE-2026-35625 | 1 Openclaw | 1 Openclaw | 2026-04-16 | N/A | 7.8 HIGH |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node. | |||||
| CVE-2026-35628 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks. | |||||
| CVE-2026-35629 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 7.4 HIGH |
| OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources. | |||||
| CVE-2026-35640 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection. | |||||
| CVE-2026-35642 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.3 MEDIUM |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted. | |||||
| CVE-2026-35645 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 8.1 HIGH |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope. | |||||
| CVE-2026-35646 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests. | |||||
| CVE-2026-34425 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 5.4 MEDIUM |
| OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked. | |||||
| CVE-2026-34512 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 8.1 HIGH |
| OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions. | |||||
| CVE-2026-35626 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation. | |||||
| CVE-2026-35631 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates. | |||||
| CVE-2026-35632 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 7.1 HIGH |
| OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files, enabling remote code execution via crontab injection or unauthorized access via SSH key manipulation. | |||||
| CVE-2026-35633 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs. | |||||
| CVE-2026-35635 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts. | |||||
| CVE-2026-35637 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 7.3 HIGH |
| OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs. | |||||
| CVE-2026-35638 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements. | |||||
| CVE-2026-35639 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure. | |||||
| CVE-2026-35644 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components. | |||||
