Filtered by vendor Openclaw
Total: 473 CVE (the 20 most recently updated are listed below)
| CVE | Vendor | Product | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-32976 | Openclaw | Openclaw | 2026-04-02 | N/A | 6.5 MEDIUM | OpenClaw before 2026.3.11 contains an authorization bypass that lets channel commands mutate a protected sibling account's configuration despite `configWrites` restrictions. An attacker authorized on one account can run channel commands such as `/config set channels.<provider>.accounts.<id>` to modify the configuration of target accounts that have `configWrites: false`. |
| CVE-2026-32977 | Openclaw | Openclaw | 2026-04-02 | N/A | 6.3 MEDIUM | OpenClaw before 2026.3.11 contains a sandbox boundary bypass in the fs-bridge `writeFile` commit step, which uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check/time-of-use (TOCTOU) race by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace. |
| CVE-2026-32982 | Openclaw | Openclaw | 2026-04-02 | N/A | 7.5 HIGH | OpenClaw before 2026.3.13 contains an information disclosure in the `fetchRemoteMedia` function that exposes Telegram bot tokens in error messages. When a media download fails, the original Telegram file URL, which contains the bot token, is embedded in the `MediaFetchError` string and leaked to logs and error surfaces. |
| CVE-2026-32988 | Openclaw | Openclaw | 2026-04-02 | N/A | 7.5 HIGH | OpenClaw before 2026.3.11 contains a sandbox boundary bypass in fs-bridge staged writes: temporary file creation and population are not pinned to a verified parent directory. An attacker can exploit a race in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes. |
| CVE-2026-34505 | Openclaw | Openclaw | 2026-04-02 | N/A | 6.5 MEDIUM | OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, so the limit does not apply to failed attempts and webhook secrets can be brute-forced. An attacker can submit repeated requests with invalid secrets without ever triggering a rate-limit response, enabling systematic secret guessing followed by forged webhook submissions. |
| CVE-2026-34503 | Openclaw | Openclaw | 2026-04-02 | N/A | 8.1 HIGH | OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when a device is removed or a token is revoked. An attacker holding revoked credentials keeps unauthorized access through an existing live session until a reconnection is forced. |
| CVE-2026-34504 | Openclaw | Openclaw | 2026-04-02 | N/A | 8.3 HIGH | OpenClaw before 2026.3.28 contains a server-side request forgery in the fal provider component `image-generation-provider.ts` that allows fetching internal URLs. A malicious or compromised fal relay can exploit the unguarded image download fetch to expose internal service metadata and responses through the image pipeline. |
| CVE-2026-34506 | Openclaw | Openclaw | 2026-04-01 | N/A | 4.3 MEDIUM | OpenClaw before 2026.3.8 contains a sender allowlist bypass in its Microsoft Teams plugin that lets unauthorized senders evade the intended authorization checks. When a team/channel route allowlist is configured with an empty `groupAllowFrom` parameter, the message handler synthesizes wildcard sender authorization, so any sender in the matched team/channel can trigger replies on allowlisted Teams routes. |
| CVE-2026-33576 | Openclaw | Openclaw | 2026-04-01 | N/A | 6.5 MEDIUM | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected. |
| CVE-2026-33577 | Openclaw | Openclaw | 2026-04-01 | N/A | 8.1 HIGH | OpenClaw before 2026.3.28 contains insufficient scope validation in the node pairing approval path, allowing low-privilege operators to approve nodes with broader scopes than they hold. An attacker can exploit the missing `callerScopes` validation in `node-pairing.ts` to extend privileges onto paired nodes beyond their own authorization level. |
| CVE-2026-33578 | Openclaw | Openclaw | 2026-04-01 | N/A | 4.3 MEDIUM | OpenClaw before 2026.3.28 contains a sender policy bypass in the Google Chat and Zalouser extensions, where route-level group allowlist policies silently downgrade to an open policy. An attacker can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite the configured allowlist. |
| CVE-2026-33581 | Openclaw | Openclaw | 2026-04-01 | N/A | 6.5 MEDIUM | OpenClaw before 2026.3.24 contains a sandbox bypass in the message tool that allows reading arbitrary local files through the `mediaUrl` and `fileUrl` alias parameters, which skip `localRoots` validation. A remote attacker can route file requests through these unvalidated alias parameters to access files outside the intended sandbox directory. |
| CVE-2026-33580 | Openclaw | Openclaw | 2026-04-01 | N/A | 6.5 MEDIUM | OpenClaw before 2026.3.28 lacks rate limiting on Nextcloud Talk webhook authentication, allowing weak shared secrets to be brute-forced. An attacker who can reach the webhook endpoint can forge inbound webhook events by repeatedly attempting authentication without being throttled. |
| CVE-2026-32914 | Openclaw | Openclaw | 2026-03-31 | N/A | 8.8 HIGH | OpenClaw before 2026.3.12 contains insufficient access control in the `/config` and `/debug` command handlers, allowing command-authorized non-owners to reach owner-only surfaces. An attacker with command authorization can read or modify privileged configuration settings reserved for owners because owner-level permission checks are missing. |
| CVE-2026-32915 | Openclaw | Openclaw | 2026-03-31 | N/A | 8.8 HIGH | OpenClaw before 2026.3.11 contains a sandbox boundary bypass that lets leaf subagents reach the subagents control surface and resolve against the parent requester's scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution under broader tool policies because authorization checks on subagent control requests are insufficient. |
| CVE-2026-32918 | Openclaw | Openclaw | 2026-03-31 | N/A | 8.4 HIGH | OpenClaw before 2026.3.11 contains a session sandbox escape in the `session_status` tool that lets sandboxed subagents access parent or sibling session state. An attacker can supply arbitrary `sessionKey` values to read or modify session data outside their sandbox scope, including persisted model overrides. |
| CVE-2026-32919 | Openclaw | Openclaw | 2026-03-31 | N/A | 6.1 MEDIUM | OpenClaw before 2026.3.11 contains an authorization bypass that lets write-scoped callers reach admin-only session reset logic. An attacker with `operator.write` scope can issue agent requests containing the `/new` or `/reset` slash command to reset the targeted conversation state without holding `operator.admin`. |
| CVE-2026-32922 | Openclaw | Openclaw | 2026-03-31 | N/A | 9.9 CRITICAL | OpenClaw before 2026.3.11 contains a privilege escalation in `device.token.rotate`: newly minted scopes are not constrained to the caller's current scope set, so a caller with `operator.pairing` scope can mint tokens with broader scopes. An attacker can obtain `operator.admin` tokens for paired devices and achieve remote code execution on connected nodes via `system.run`, or gain unauthorized gateway-admin access. |
| CVE-2026-32923 | Openclaw | Openclaw | 2026-03-31 | N/A | 5.4 MEDIUM | OpenClaw before 2026.3.11 contains an authorization bypass in Discord guild reaction ingestion, which fails to enforce the member user and role allowlist checks. Non-allowlisted guild members can trigger reaction events that are accepted as trusted system events, injecting reaction text into downstream session context. |
| CVE-2026-32924 | Openclaw | Openclaw | 2026-03-31 | N/A | 9.8 CRITICAL | OpenClaw before 2026.3.12 contains an authorization bypass in which Feishu reaction events with an omitted `chat_type` are misclassified as p2p conversations instead of group chats. An attacker can exploit this misclassification to bypass the `groupAllowFrom` and `requireMention` protections on group-chat reaction-derived events. |
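The two webhook entries above (CVE-2026-34505 and CVE-2026-33580) describe the same ordering mistake: the limiter runs after the secret comparison, so only requests that already authenticated are ever counted. The following is an added illustration of the vulnerable ordering next to the fixed one; it is not OpenClaw's code, and the handler names, the in-memory bucket store, the 5-per-minute threshold and the client key are all assumptions made for the example.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// In-memory attempt counter keyed by client address (assumption: a single
// gateway process; multiple replicas would need a shared store for the counts).
interface Bucket { attempts: number; windowStart: number }
const WINDOW_MS = 60_000;
const MAX_ATTEMPTS = 5;
const buckets = new Map<string, Bucket>();

function overLimit(client: string, now: number): boolean {
  const b = buckets.get(client);
  return b !== undefined && now - b.windowStart <= WINDOW_MS && b.attempts >= MAX_ATTEMPTS;
}

function recordAttempt(client: string, now: number): void {
  const b = buckets.get(client);
  if (b === undefined || now - b.windowStart > WINDOW_MS) {
    buckets.set(client, { attempts: 1, windowStart: now });
  } else {
    b.attempts += 1;
  }
}

// Compare fixed-length digests so the comparison runs in constant time
// regardless of how long the presented secret is.
function secretMatches(presented: string, expected: string): boolean {
  const a = createHash("sha256").update(presented, "utf8").digest();
  const b = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(a, b);
}

type Outcome = "accepted" | "rejected" | "throttled";

// Vulnerable ordering: the limiter only ever sees requests that already
// passed authentication, so a wrong guess is free and can be repeated forever.
function handleWebhookVulnerable(client: string, presented: string, expected: string, now: number): Outcome {
  if (!secretMatches(presented, expected)) return "rejected";
  if (overLimit(client, now)) return "throttled";
  recordAttempt(client, now);
  return "accepted";
}

// Hardened ordering: every request is counted before the secret is examined,
// so a guessing client is cut off after MAX_ATTEMPTS per window.
function handleWebhookHardened(client: string, presented: string, expected: string, now: number): Outcome {
  if (overLimit(client, now)) return "throttled";
  recordAttempt(client, now);
  return secretMatches(presented, expected) ? "accepted" : "rejected";
}

function resetLimiter(): void {
  buckets.clear();
}
```

Counting every attempt (not only failures) is the simpler rule; counting failures only is a reasonable variant, but the check must still happen before the comparison. Whichever you pick, the limiter state has to be shared across all instances that serve the endpoint, or an attacker just spreads guesses over replicas.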
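CVE-2026-32922 (token rotation minting broader scopes), CVE-2026-33577 (node pairing approval without a `callerScopes` check) and CVE-2026-32919 (write-scoped callers reaching admin-only `/new` and `/reset`) are all instances of one rule: a caller may never confer, or exercise, a scope it does not itself hold. The block below is an added example of that rule applied at all three points; it is not OpenClaw's implementation, the scope names are modelled on the ones the advisories mention, and the command-to-scope table and function names are assumptions.

```typescript
import { randomBytes } from "node:crypto";

// Scope names modelled on the advisories; the set and hierarchy are an assumption.
type Scope = "operator.read" | "operator.write" | "operator.pairing" | "operator.admin";

interface DeviceToken { tokenId: string; deviceId: string; scopes: Scope[] }

function isSubset(requested: readonly Scope[], caller: readonly Scope[]): boolean {
  const have = new Set<Scope>(caller);
  return requested.every((s) => have.has(s));
}

function mint(deviceId: string, scopes: readonly Scope[]): DeviceToken {
  return { tokenId: randomBytes(16).toString("hex"), deviceId, scopes: [...scopes] };
}

// Vulnerable rotation: the new token receives whatever scopes were asked for.
function rotateTokenVulnerable(callerScopes: readonly Scope[], requested: readonly Scope[], deviceId: string): DeviceToken {
  if (!callerScopes.includes("operator.pairing")) throw new Error("operator.pairing required");
  return mint(deviceId, requested);
}

// Hardened rotation: requested scopes must be a subset of the caller's own.
// Rejecting, rather than silently clamping, makes an over-broad request visible.
function rotateTokenHardened(callerScopes: readonly Scope[], requested: readonly Scope[], deviceId: string): DeviceToken {
  if (!callerScopes.includes("operator.pairing")) throw new Error("operator.pairing required");
  if (!isSubset(requested, callerScopes)) throw new Error("requested scopes exceed caller scopes");
  return mint(deviceId, requested);
}

// The same subset rule applied to node pairing approval.
function canApproveNodeScopes(callerScopes: readonly Scope[], grantScopes: readonly Scope[]): boolean {
  return isSubset(grantScopes, callerScopes);
}

// Per-command scope requirements for slash commands embedded in agent requests.
// Anything that resets conversation state is admin-only; an unknown slash
// command also defaults to admin (fail closed); a plain message needs write.
const COMMAND_SCOPE: Readonly<Record<string, Scope>> = {
  "/new": "operator.admin",
  "/reset": "operator.admin",
  "/status": "operator.read",
};

function requiredScope(text: string): Scope {
  const cmd = text.trim().split(/\s+/)[0] ?? "";
  if (!cmd.startsWith("/")) return "operator.write";
  return COMMAND_SCOPE[cmd] ?? "operator.admin";
}

function authorizeAgentRequest(callerScopes: readonly Scope[], text: string): boolean {
  return callerScopes.includes(requiredScope(text));
}
```

The check on the slash command has to happen where the command is parsed out of the request body, not only on a dedicated admin endpoint; the write-scoped path in CVE-2026-32919 was reachable precisely because the command text rode inside an ordinary agent request.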
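Three of the entries describe policy resolution that fails open: an empty `groupAllowFrom` list becoming a wildcard (CVE-2026-34506), a group allowlist silently downgrading to an open policy (CVE-2026-33578), and an omitted `chat_type` being treated as a direct message so that `groupAllowFrom` and `requireMention` never run (CVE-2026-32924). The added example below shows the fail-open resolver next to a fail-closed one. It is not OpenClaw's code; the event and route shapes, the `dmAllowFrom` field and the function names are assumptions for the illustration.

```typescript
// Illustrative event and route shapes (assumed for the example, not OpenClaw's real types).
type ChatType = "p2p" | "group";
interface InboundEvent { chatId: string; senderId: string; chat_type?: ChatType; mentionsBot: boolean }
interface RoutePolicy { dmAllowFrom?: string[]; groupAllowFrom?: string[]; requireMention?: boolean }
type Verdict = "allow" | "deny";

// Vulnerable resolution: a missing chat_type is assumed to be a direct message,
// and a missing or empty allowlist is coerced into a wildcard.
function resolveSenderVulnerable(ev: InboundEvent, route: RoutePolicy): Verdict {
  const chatType: ChatType = ev.chat_type ?? "p2p";
  const configured = chatType === "p2p" ? route.dmAllowFrom : route.groupAllowFrom;
  const allow: readonly string[] = configured !== undefined && configured.length > 0 ? configured : ["*"];
  if (chatType === "group" && route.requireMention && !ev.mentionsBot) return "deny";
  return allow.includes("*") || allow.includes(ev.senderId) ? "allow" : "deny";
}

// Fail-closed matcher: a missing or empty list matches nobody; only an explicit
// "*" entry opens the route, so "open" is always a deliberate configuration.
function allowedBy(list: readonly string[] | undefined, senderId: string): boolean {
  if (list === undefined || list.length === 0) return false;
  return list.includes("*") || list.includes(senderId);
}

// Hardened resolution: anything not positively identified as p2p is handled
// under the stricter group rules (mention requirement plus group allowlist).
function resolveSenderHardened(ev: InboundEvent, route: RoutePolicy): Verdict {
  if (ev.chat_type === "p2p") {
    return allowedBy(route.dmAllowFrom, ev.senderId) ? "allow" : "deny";
  }
  if (route.requireMention && !ev.mentionsBot) return "deny";
  return allowedBy(route.groupAllowFrom, ev.senderId) ? "allow" : "deny";
}
```

The two defaults that matter are the branch taken for an unknown conversation type and the meaning of an empty list; both should land on the most restrictive interpretation, and a deliberate wildcard should have to be spelled out in configuration.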
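CVE-2026-32982 is a reminder that with the Telegram Bot API the secret is in the URL path (`https://api.telegram.org/file/bot<token>/<file_path>`), so any error that quotes the URL quotes the token. The added example below redacts the token before it can reach an error message, and keeps only the redacted form on the error object so that serialising the error is safe too. It is not OpenClaw's `fetchRemoteMedia`; the `fetchMedia` wrapper, the injected fake fetch and the error class layout are assumptions for the example.

```typescript
// Telegram bot tokens have the form "<bot id digits>:<secret>", and file
// downloads place them in the URL path after "/bot". The pattern is anchored
// on that form so unrelated path segments such as "/bottle" are left alone.
const BOT_TOKEN_IN_PATH = /\/bot\d+:[A-Za-z0-9_-]+/g;

function redactTelegramUrl(url: string): string {
  return url.replace(BOT_TOKEN_IN_PATH, "/bot[REDACTED]");
}

// Vulnerable: the raw URL, token included, becomes the error text that goes to
// logs and to whoever sees the failure surface.
function describeFailureVulnerable(url: string, cause: string): string {
  return `MediaFetchError: failed to download ${url}: ${cause}`;
}

// Hardened: the error only ever holds the redacted URL. The original is not
// stored on the object, so JSON.stringify(err) cannot leak it either.
class MediaFetchError extends Error {
  readonly safeUrl: string;
  readonly status: number | undefined;
  constructor(url: string, cause: string, status?: number) {
    const safeUrl = redactTelegramUrl(url);
    super(`failed to download ${safeUrl}: ${cause}`);
    this.name = "MediaFetchError";
    this.safeUrl = safeUrl;
    this.status = status;
  }
}

// Stand-in for the download step. The fetch is injected so the example runs
// offline; it returns only a status, mimicking a failed or successful download.
type FakeFetch = (url: string) => { ok: boolean; status: number };

function fetchMedia(url: string, fetchImpl: FakeFetch): { status: number; source: string } {
  const res = fetchImpl(url);
  if (!res.ok) throw new MediaFetchError(url, `HTTP ${res.status}`, res.status);
  return { status: res.status, source: redactTelegramUrl(url) };
}
```

The same discipline applies to anything else that wraps a secret-bearing URL: redact at construction time, not at log time, because by then the string has usually been copied into several places.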
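For CVE-2026-34504 the untrusted input is a URL supplied by the relay, and the fix is to decide, before fetching, whether the target is somewhere the gateway should be talking to at all. The added example below is one such guard; it is not OpenClaw's `image-generation-provider.ts`. The blocked ranges, the hostname deny list and the injected resolver are assumptions, and the resolver is injected only so the check can run offline.

```typescript
import { URL } from "node:url";
import { isIP } from "node:net";

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// Illustrative deny list: "this network", RFC 1918, CGNAT, loopback, link-local
// (cloud metadata sits on 169.254.169.254), multicast and reserved space.
const BLOCKED_V4: ReadonlyArray<readonly [string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["224.0.0.0", 4], ["240.0.0.0", 4],
];

function isBlockedV4(ip: string): boolean {
  const n = ipv4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// IPv6: loopback, unspecified, unique-local, link-local, and IPv4-mapped
// addresses in both dotted and hex form (URL parsers normalise to hex).
function isBlockedV6(ip: string): boolean {
  const a = ip.toLowerCase();
  if (a === "::1" || a === "::") return true;
  if (/^f[cd]/.test(a) || /^fe[89ab]/.test(a)) return true;
  const mapped = /^::ffff:(.+)$/.exec(a);
  if (mapped !== null) {
    const rest = mapped[1] ?? "";
    if (isIP(rest) === 4) return isBlockedV4(rest);
    const hex = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(rest);
    if (hex !== null) {
      const hi = parseInt(hex[1] ?? "0", 16);
      const lo = parseInt(hex[2] ?? "0", 16);
      return isBlockedV4(`${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`);
    }
  }
  return false;
}

function isBlockedAddress(ip: string): boolean {
  const v = isIP(ip);
  if (v === 4) return isBlockedV4(ip);
  if (v === 6) return isBlockedV6(ip);
  return true; // not an address at all: refuse
}

type Resolver = (hostname: string) => string[];
interface Decision { ok: boolean; reason: string; addresses: string[] }

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Decide whether an image URL handed back by the relay may be fetched.
// In production, connect to one of the returned (checked) addresses rather
// than letting the HTTP client resolve again, or DNS rebinding undoes the check.
function checkImageUrl(raw: string, resolve: Resolver): Decision {
  const u = parseUrl(raw);
  if (u === null) return { ok: false, reason: "unparseable url", addresses: [] };
  if (u.protocol !== "https:" && u.protocol !== "http:") return { ok: false, reason: `scheme ${u.protocol} not allowed`, addresses: [] };
  if (u.username !== "" || u.password !== "") return { ok: false, reason: "credentials in url", addresses: [] };
  const host = u.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost") || host === "metadata.google.internal") {
    return { ok: false, reason: `blocked hostname ${host}`, addresses: [] };
  }
  const addresses = isIP(host) !== 0 ? [host] : resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "unresolvable", addresses: [] };
  const bad = addresses.find((a) => isBlockedAddress(a));
  if (bad !== undefined) return { ok: false, reason: `resolves to blocked address ${bad}`, addresses };
  return { ok: true, reason: "ok", addresses };
}
```

Two caveats a practitioner will want: every address a name resolves to must pass, not just the first; and redirects must either be disabled or re-checked per hop, since a relay that cannot hand you `http://169.254.169.254/` directly can still hand you a public URL that 302s there.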
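CVE-2026-33581 is the classic "validate one spelling of the parameter, forget the aliases" bug: `path` was checked against `localRoots`, `mediaUrl` and `fileUrl` were not. The added example below normalises every alias into a single local reference before any containment check runs, and rejects conflicting aliases outright. It is not OpenClaw's message tool; the parameter shape, the POSIX-only path handling and the rule that relative references resolve against the first root are assumptions made for the example.

```typescript
import * as path from "node:path";
import { fileURLToPath } from "node:url";

// Illustrative message-tool parameters: three spellings of "attach this file".
interface MessageParams { path?: string; mediaUrl?: string; fileUrl?: string }
const FILE_ALIASES = ["path", "mediaUrl", "fileUrl"] as const;

type Resolved = { ok: true; file: string } | { ok: false; reason: string };

// Turn a reference into an absolute local path, or null when it is not local.
// POSIX paths are assumed throughout (path.posix), so drive letters are not handled.
function toLocalPath(ref: string, firstRoot: string): string | null {
  if (ref.startsWith("file:")) {
    try { return fileURLToPath(ref); } catch { return null; }
  }
  if (/^[a-z][a-z0-9+.-]*:/i.test(ref)) return null; // some other URL scheme: not a local file
  return path.posix.resolve(firstRoot, ref);
}

// Lexical containment: the candidate must lie strictly beneath the root.
// Note the "../" check rather than "..": a file named "..hidden.png" is fine.
function withinRoot(root: string, candidate: string): boolean {
  const rel = path.posix.relative(root, candidate);
  return rel !== "" && rel !== ".." && !rel.startsWith("../") && !path.posix.isAbsolute(rel);
}

// Vulnerable: only `path` is validated; alias parameters go to the reader as-is.
function resolveAttachmentVulnerable(p: MessageParams, roots: string[]): string | null {
  const root = roots[0] ?? "/";
  if (p.path !== undefined) {
    const abs = path.posix.resolve(root, p.path);
    return withinRoot(root, abs) ? abs : null;
  }
  return p.mediaUrl ?? p.fileUrl ?? null;
}

// Hardened: collect every alias first, require exactly one, then check the
// resolved path against every configured root.
function resolveAttachmentHardened(p: MessageParams, roots: string[]): Resolved {
  const refs = FILE_ALIASES.map((k) => p[k]).filter((v): v is string => typeof v === "string");
  const first = refs[0];
  const firstRoot = roots[0];
  if (first === undefined) return { ok: false, reason: "no file reference" };
  if (refs.length > 1) return { ok: false, reason: "conflicting file references" };
  if (firstRoot === undefined) return { ok: false, reason: "no localRoots configured" };
  const local = toLocalPath(first, firstRoot);
  if (local === null) return { ok: false, reason: "not a local file reference" };
  if (!roots.some((r) => withinRoot(r, local))) return { ok: false, reason: `${local} is outside localRoots` };
  return { ok: true, file: local };
}
```

The containment test here is lexical. A real file reader should follow it with a `realpath` of the opened file (or open with `O_NOFOLLOW` where the platform allows) and re-check the result, because a symlink inside a root can still point outside it, which is the same class of problem the two fs-bridge entries (CVE-2026-32977, CVE-2026-32988) describe for writes.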
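CVE-2026-34503 describes the gap between "this token can no longer open a session" and "this token's sessions are gone". The added example below shows a gateway that forgets the token but leaves the socket alive, next to one that closes every session bound to the revoked token (and, as defence in depth, re-checks the token on every frame). It is not OpenClaw's gateway; the in-memory registry, the fake socket, the 4401 close code and the method names are assumptions for the example.

```typescript
import { randomBytes } from "node:crypto";

// Minimal socket abstraction so the example runs without a network.
interface LiveSocket { readonly id: string; closed: boolean; close(code: number, reason: string): void }

class FakeSocket implements LiveSocket {
  readonly id: string;
  closed = false;
  lastClose: { code: number; reason: string } | null = null;
  constructor(id: string) { this.id = id; }
  close(code: number, reason: string): void { this.closed = true; this.lastClose = { code, reason }; }
}

interface Session { socket: LiveSocket; tokenId: string; deviceId: string }

class Gateway {
  private readonly tokens = new Map<string, string>();    // tokenId -> deviceId
  private readonly sessions = new Map<string, Session>(); // socket id -> session

  issueToken(deviceId: string): string {
    const tokenId = randomBytes(16).toString("hex");
    this.tokens.set(tokenId, deviceId);
    return tokenId;
  }

  // Handshake-time authentication, identical in both variants.
  connect(tokenId: string, socket: LiveSocket): boolean {
    const deviceId = this.tokens.get(tokenId);
    if (deviceId === undefined) return false;
    this.sessions.set(socket.id, { socket, tokenId, deviceId });
    return true;
  }

  // Vulnerable revocation: the token cannot open new sessions, but the ones it
  // already opened keep running until the client happens to reconnect.
  revokeTokenVulnerable(tokenId: string): void {
    this.tokens.delete(tokenId);
  }

  // Vulnerable frame handling: trusts the handshake forever.
  handleFrameVulnerable(socketId: string): "ok" | "no-session" {
    return this.sessions.has(socketId) ? "ok" : "no-session";
  }

  // Hardened revocation: drop the token and close every session bound to it.
  // 4401 is an application-defined close code (4000-4999 are reserved for that).
  revokeToken(tokenId: string): number {
    this.tokens.delete(tokenId);
    let closed = 0;
    for (const [sid, s] of this.sessions) {
      if (s.tokenId === tokenId) {
        s.socket.close(4401, "token revoked");
        this.sessions.delete(sid);
        closed += 1;
      }
    }
    return closed;
  }

  // Device removal revokes every token the device holds.
  removeDevice(deviceId: string): number {
    let closed = 0;
    for (const [tokenId, d] of [...this.tokens]) {
      if (d === deviceId) closed += this.revokeToken(tokenId);
    }
    return closed;
  }

  // Hardened frame handling: re-check the token on every frame so a session
  // whose token disappeared by any other path is refused as well.
  handleFrame(socketId: string): "ok" | "unauthorized" {
    const s = this.sessions.get(socketId);
    if (s === undefined || s.socket.closed || !this.tokens.has(s.tokenId)) return "unauthorized";
    return "ok";
  }

  sessionCount(): number {
    return this.sessions.size;
  }
}
```

The per-frame check alone would stop the revoked session from doing work, but the socket would still sit open consuming a slot and the client would see no signal; closing it with an explicit code is what makes revocation observable on both ends.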
