Openclaw

67 CVEs
| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-53840 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that… | 2026-06-16 |
| CVE-2026-53841 | LOW 2.1 | Openclaw — OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserve… | 2026-06-16 |
| CVE-2026-53842 | HIGH 7 | Openclaw — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env file… | 2026-06-16 |
| CVE-2026-53843 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped devi… | 2026-06-16 |
| CVE-2026-53844 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search tha… | 2026-06-16 |
| CVE-2026-53845 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected… | 2026-06-16 |
| CVE-2026-53846 | HIGH 7 | Openclaw — OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace … | 2026-06-16 |
| CVE-2026-53847 | MEDIUM 5.3 | Openclaw — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that a… | 2026-06-16 |
| CVE-2026-53848 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to … | 2026-06-16 |
| CVE-2026-53849 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly … | 2026-06-16 |
| CVE-2026-53850 | MEDIUM 6.8 | Openclaw — OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that … | 2026-06-16 |
| CVE-2026-53851 | MEDIUM 6.3 | Openclaw — OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter… | 2026-06-16 |
| CVE-2026-53852 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows a… | 2026-06-16 |
| CVE-2026-53853 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows att… | 2026-06-16 |
| CVE-2026-53854 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authen… | 2026-06-16 |
| CVE-2026-53855 | HIGH 7.6 | Openclaw — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weak… | 2026-06-16 |
| CVE-2026-53856 | MEDIUM 5.7 | Openclaw — OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery tha… | 2026-06-16 |
| CVE-2026-53857 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display … | 2026-06-16 |
| CVE-2026-53858 | HIGH 7 | Openclaw — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_D… | 2026-06-16 |
| CVE-2026-53859 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist … | 2026-06-16 |
| CVE-2026-53860 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants… | 2026-06-16 |
| CVE-2026-53861 | MEDIUM 5.3 | Openclaw — OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misse… | 2026-06-16 |
| CVE-2026-53862 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token … | 2026-06-16 |
| CVE-2026-53863 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept … | 2026-06-16 |
| CVE-2026-53864 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitize… | 2026-06-16 |
| CVE-2026-53865 | HIGH 7.2 | Openclaw — OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows wor… | 2026-06-16 |
| CVE-2026-53866 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allo… | 2026-06-16 |
| CVE-2026-53820 | MEDIUM 6.9 | Openclaw — OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-sp… | 2026-06-12 |
| CVE-2026-53821 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved … | 2026-06-12 |
| CVE-2026-53822 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change bet… | 2026-06-12 |
| CVE-2026-53823 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to … | 2026-06-12 |
| CVE-2026-53824 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens… | 2026-06-12 |
| CVE-2026-53825 | HIGH 7.1 | Openclaw — OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that … | 2026-06-12 |
| CVE-2026-53826 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that … | 2026-06-12 |
| CVE-2026-53827 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows… | 2026-06-12 |
| CVE-2026-53828 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows… | 2026-06-12 |
| CVE-2026-53829 | HIGH 8.5 | Openclaw — OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users t… | 2026-06-12 |
| CVE-2026-53830 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old … | 2026-06-12 |
| CVE-2026-53831 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validat… | 2026-06-12 |
| CVE-2026-53832 | HIGH 7.4 | Openclaw — OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host caller… | 2026-06-12 |
| CVE-2026-53833 | HIGH 7.4 | Openclaw — OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that a… | 2026-06-12 |
| CVE-2026-53834 | HIGH 8.2 | Openclaw — OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands … | 2026-06-12 |
| CVE-2026-53835 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bin… | 2026-06-12 |
| CVE-2026-53836 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling th… | 2026-06-12 |
| CVE-2026-53837 | MEDIUM 6.3 | Openclaw — OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that f… | 2026-06-12 |
| CVE-2026-53838 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows pai… | 2026-06-12 |
| CVE-2026-53839 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows mat… | 2026-06-12 |
| CVE-2026-53806 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags… | 2026-06-11 |
| CVE-2026-53807 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that… | 2026-06-11 |
| CVE-2026-53808 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow tha… | 2026-06-11 |
| CVE-2026-53809 | MEDIUM 4.8 | Openclaw — OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows request… | 2026-06-11 |
| CVE-2026-53810 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata… | 2026-06-11 |
| CVE-2026-53811 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that al… | 2026-06-11 |
| CVE-2026-53812 | MEDIUM 4.9 | Openclaw — OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows … | 2026-06-11 |
| CVE-2026-53813 | HIGH 7.3 | Openclaw — OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where worksp… | 2026-06-11 |
| CVE-2026-53814 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorr… | 2026-06-11 |
| CVE-2026-53815 | HIGH 7.1 | Openclaw — OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips ch… | 2026-06-11 |
| CVE-2026-53816 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling … | 2026-06-11 |
| CVE-2026-53817 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attac… | 2026-06-11 |
| CVE-2026-53818 | MEDIUM 6.9 | Openclaw — OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allo… | 2026-06-11 |
| CVE-2026-53819 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where work… | 2026-06-11 |
| CVE-2026-32905 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that… | 2026-05-29 |
| CVE-2026-32906 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows … | 2026-05-29 |
| CVE-2026-34507 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authentic… | 2026-05-29 |
| CVE-2026-35630 | HIGH 7.5 | Openclaw — OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that… | 2026-05-29 |
| CVE-2026-35673 | MEDIUM 5.9 | Openclaw — OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that… | 2026-05-29 |
| CVE-2026-35674 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows sco… | 2026-05-29 |