Filtered by vendor Openclaw
Subscribe
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41352 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation. | |||||
| CVE-2026-41362 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 4.3 MEDIUM |
| OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on different accounts by matching event_name and message_id parameters. | |||||
| CVE-2026-41363 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.3 MEDIUM |
| OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary files outside configured localRoots boundaries. | |||||
| CVE-2026-41364 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 8.1 HIGH |
| OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host. | |||||
| CVE-2026-41366 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.5 MEDIUM |
| OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files. | |||||
| CVE-2026-41367 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.0 MEDIUM |
| OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement. | |||||
| CVE-2026-41368 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be restricted. | |||||
| CVE-2026-41369 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity. | |||||
| CVE-2026-41371 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 8.5 HIGH |
| OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path. | |||||
| CVE-2026-41372 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.8 MEDIUM |
| OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose browser state. | |||||
| CVE-2026-41365 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions. | |||||
| CVE-2026-41370 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories. | |||||
| CVE-2026-3691 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 5.3 MEDIUM |
| OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-29381. | |||||
| CVE-2026-3690 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 7.4 HIGH |
| OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311. | |||||
| CVE-2026-3689 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 6.5 MEDIUM |
| OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path parameters provided to the canvas gateway endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-29312. | |||||
| CVE-2026-41301 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 5.3 MEDIUM |
| OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts, consuming shared pairing capacity and triggering bounded relay and logging work on the Nostr channel. | |||||
| CVE-2026-41300 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 6.5 MEDIUM |
| OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance. | |||||
| CVE-2026-41299 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 7.1 HIGH |
| OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection. | |||||
| CVE-2026-41298 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 5.4 MEDIUM |
| OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls. | |||||
| CVE-2026-41302 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 7.6 HIGH |
| OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact with external services on behalf of the affected system. | |||||