Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-42428 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 7.1 HIGH |
| OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment. | |||||
| CVE-2026-42427 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and achieve arbitrary code execution. | |||||
| CVE-2026-42424 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.7 MEDIUM |
| OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media. | |||||
| CVE-2026-42426 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 8.8 HIGH |
| OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes. | |||||
| CVE-2026-42423 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 7.5 HIGH |
| OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing the intended security boundary. | |||||
| CVE-2026-42422 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 8.8 HIGH |
| OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval. | |||||
| CVE-2026-42420 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 4.3 MEDIUM |
| OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input. | |||||
| CVE-2026-41916 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through config reload operations. | |||||
| CVE-2026-41915 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity. | |||||
| CVE-2026-42421 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions. | |||||
| CVE-2026-41914 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 8.5 HIGH |
| OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies. | |||||
| CVE-2026-41374 | 1 Openclaw | 1 Openclaw | 2026-04-30 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion. | |||||
| CVE-2026-41332 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials. | |||||
| CVE-2026-41339 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 4.3 MEDIUM |
| OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks. | |||||
| CVE-2026-41341 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling. | |||||
| CVE-2026-41342 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 7.3 HIGH |
| OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic. | |||||
| CVE-2026-41344 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators. | |||||
| CVE-2026-41346 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.3 MEDIUM |
| OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts, causing denial of service. | |||||
| CVE-2026-41348 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted group DM channels. | |||||
| CVE-2026-41349 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent. | |||||