Vulnerabilities (CVE)

Filtered by vendor Openclaw
Total 473 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-43580 1 Openclaw 1 Openclaw 2026-05-07 N/A 7.7 HIGH
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.
CVE-2026-43581 1 Openclaw 1 Openclaw 2026-05-07 N/A 9.6 CRITICAL
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.
CVE-2026-43527 1 Openclaw 1 Openclaw 2026-05-07 N/A 7.7 HIGH
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.
CVE-2026-42438 1 Openclaw 1 Openclaw 2026-05-07 N/A 7.7 HIGH
OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to bypass sender and group-scoped authorization boundaries and retrieve readable local files through the outbound media path.
CVE-2026-42439 1 Openclaw 1 Openclaw 2026-05-07 N/A 8.5 HIGH
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations.
CVE-2026-43526 1 Openclaw 1 Openclaw 2026-05-07 N/A 8.2 HIGH
OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.
CVE-2026-43528 1 Openclaw 1 Openclaw 2026-05-07 N/A 6.5 MEDIUM
OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication material, and channel credentials that should have been redacted.
CVE-2026-43529 1 Openclaw 1 Openclaw 2026-05-07 N/A 2.5 LOW
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can exploit the race condition to swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.
CVE-2026-43532 1 Openclaw 1 Openclaw 2026-05-07 N/A 7.7 HIGH
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.
CVE-2026-43533 1 Openclaw 1 Openclaw 2026-05-07 N/A 8.6 HIGH
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbound media handling.
CVE-2026-43534 1 Openclaw 1 Openclaw 2026-05-07 N/A 9.1 CRITICAL
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
CVE-2026-43566 1 Openclaw 1 Openclaw 2026-05-07 N/A 9.1 CRITICAL
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded.
CVE-2026-43567 1 Openclaw 1 Openclaw 2026-05-07 N/A 6.5 MEDIUM
OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.
CVE-2026-43568 1 Openclaw 1 Openclaw 2026-05-07 N/A 6.5 MEDIUM
OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges.
CVE-2026-43569 1 Openclaw 1 Openclaw 2026-05-07 N/A 8.8 HIGH
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.
CVE-2026-28474 1 Openclaw 1 Openclaw 2026-05-06 N/A 9.8 CRITICAL
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.
CVE-2026-41360 1 Openclaw 1 Openclaw 2026-05-01 N/A 6.7 MEDIUM
OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script contents.
CVE-2026-41358 1 Openclaw 1 Openclaw 2026-05-01 N/A 5.4 MEDIUM
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context.
CVE-2026-41354 1 Openclaw 1 Openclaw 2026-05-01 N/A 3.7 LOW
OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows across chat sessions.
CVE-2026-41353 1 Openclaw 1 Openclaw 2026-05-01 N/A 8.1 HIGH
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.