Openclaw
67 CVEs

| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-53840 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that… | 2026-06-16 |
| CVE-2026-53841 | LOW 2.1 | Openclaw — OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserve… | 2026-06-16 |
| CVE-2026-53842 | HIGH 7 | Openclaw — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env file… | 2026-06-16 |
| CVE-2026-53843 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped devi… | 2026-06-16 |
| CVE-2026-53844 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search tha… | 2026-06-16 |
| CVE-2026-53845 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected… | 2026-06-16 |
| CVE-2026-53846 | HIGH 7 | Openclaw — OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace … | 2026-06-16 |
| CVE-2026-53847 | MEDIUM 5.3 | Openclaw — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that a… | 2026-06-16 |
| CVE-2026-53848 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to … | 2026-06-16 |
| CVE-2026-53849 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly … | 2026-06-16 |
| CVE-2026-53850 | MEDIUM 6.8 | Openclaw — OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that … | 2026-06-16 |
| CVE-2026-53851 | MEDIUM 6.3 | Openclaw — OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter… | 2026-06-16 |
| CVE-2026-53852 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows a… | 2026-06-16 |
| CVE-2026-53853 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows att… | 2026-06-16 |
| CVE-2026-53854 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authen… | 2026-06-16 |
| CVE-2026-53855 | HIGH 7.6 | Openclaw — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weak… | 2026-06-16 |
| CVE-2026-53856 | MEDIUM 5.7 | Openclaw — OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery tha… | 2026-06-16 |
| CVE-2026-53857 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display … | 2026-06-16 |
| CVE-2026-53858 | HIGH 7 | Openclaw — OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_D… | 2026-06-16 |
| CVE-2026-53859 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist … | 2026-06-16 |
| CVE-2026-53860 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants… | 2026-06-16 |
| CVE-2026-53861 | MEDIUM 5.3 | Openclaw — OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misse… | 2026-06-16 |
| CVE-2026-53862 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token … | 2026-06-16 |
| CVE-2026-53863 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept … | 2026-06-16 |
| CVE-2026-53864 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitize… | 2026-06-16 |
| CVE-2026-53865 | HIGH 7.2 | Openclaw — OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows wor… | 2026-06-16 |
| CVE-2026-53866 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allo… | 2026-06-16 |
| CVE-2026-53820 | MEDIUM 6.9 | Openclaw — OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-sp… | 2026-06-12 |
| CVE-2026-53821 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved … | 2026-06-12 |
| CVE-2026-53822 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change bet… | 2026-06-12 |
| CVE-2026-53823 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to … | 2026-06-12 |
| CVE-2026-53824 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens… | 2026-06-12 |
| CVE-2026-53825 | HIGH 7.1 | Openclaw — OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that … | 2026-06-12 |
| CVE-2026-53826 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that … | 2026-06-12 |
| CVE-2026-53827 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows… | 2026-06-12 |
| CVE-2026-53828 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows… | 2026-06-12 |
| CVE-2026-53829 | HIGH 8.5 | Openclaw — OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users t… | 2026-06-12 |
| CVE-2026-53830 | MEDIUM 6 | Openclaw — OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old … | 2026-06-12 |
| CVE-2026-53831 | HIGH 7.6 | Openclaw — OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validat… | 2026-06-12 |
| CVE-2026-53832 | HIGH 7.4 | Openclaw — OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host caller… | 2026-06-12 |
| CVE-2026-53833 | HIGH 7.4 | Openclaw — OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that a… | 2026-06-12 |
| CVE-2026-53834 | HIGH 8.2 | Openclaw — OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands … | 2026-06-12 |
| CVE-2026-53835 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bin… | 2026-06-12 |
| CVE-2026-53836 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling th… | 2026-06-12 |
| CVE-2026-53837 | MEDIUM 6.3 | Openclaw — OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that f… | 2026-06-12 |
| CVE-2026-53838 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows pai… | 2026-06-12 |
| CVE-2026-53839 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows mat… | 2026-06-12 |
| CVE-2026-53806 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags… | 2026-06-11 |
| CVE-2026-53807 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that… | 2026-06-11 |
| CVE-2026-53808 | MEDIUM 6 | Openclaw — OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow tha… | 2026-06-11 |
| CVE-2026-53809 | MEDIUM 4.8 | Openclaw — OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows request… | 2026-06-11 |
| CVE-2026-53810 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata… | 2026-06-11 |
| CVE-2026-53811 | HIGH 7.7 | Openclaw — OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that al… | 2026-06-11 |
| CVE-2026-53812 | MEDIUM 4.9 | Openclaw — OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows … | 2026-06-11 |
| CVE-2026-53813 | HIGH 7.3 | Openclaw — OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where worksp… | 2026-06-11 |
| CVE-2026-53814 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorr… | 2026-06-11 |
| CVE-2026-53815 | HIGH 7.1 | Openclaw — OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips ch… | 2026-06-11 |
| CVE-2026-53816 | HIGH 8.6 | Openclaw — OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling … | 2026-06-11 |
| CVE-2026-53817 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attac… | 2026-06-11 |
| CVE-2026-53818 | MEDIUM 6.9 | Openclaw — OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allo… | 2026-06-11 |
| CVE-2026-53819 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where work… | 2026-06-11 |
| CVE-2026-32905 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that… | 2026-05-29 |
| CVE-2026-32906 | LOW 2.3 | Openclaw — OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows … | 2026-05-29 |
| CVE-2026-34507 | LOW 2.3 | Openclaw — OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authentic… | 2026-05-29 |
| CVE-2026-35630 | HIGH 7.5 | Openclaw — OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that… | 2026-05-29 |
| CVE-2026-35673 | MEDIUM 5.9 | Openclaw — OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that… | 2026-05-29 |
| CVE-2026-35674 | HIGH 8.7 | Openclaw — OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows sco… | 2026-05-29 |