VYPR

npm package

openclaw

pkg:npm/openclaw

Vulnerabilities (393)

  • CVE-2026-41407LowApr 28, 2026
    affected < 2026.4.2fixed 2026.4.2

    OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening con

  • CVE-2026-41406MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content

  • CVE-2026-41405HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server resources by bypassing authentication

  • CVE-2026-41404HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to

  • CVE-2026-41403LowApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local

  • CVE-2026-41402MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protectio

  • CVE-2026-41400MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service.

  • CVE-2026-41399HigApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients.

  • CVE-2026-41398MedApr 28, 2026
    affected < 2026.4.2fixed 2026.4.2

    OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet ho

  • CVE-2026-41397MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror syn

  • CVE-2026-41396HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust

  • CVE-2026-41395HigApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger dupl

  • CVE-2026-41394HigApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized op

  • CVE-2026-41393MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.

  • CVE-2026-41392MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initializati

  • CVE-2026-41391MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management opera

  • CVE-2026-41390HigApr 28, 2026
    affected < 2026.3.28fixed 2026.3.28

    OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper bi

  • CVE-2026-41388MedApr 28, 2026
    affected < 2026.3.31fixed 2026.3.31

    OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls

  • CVE-2026-41387HigApr 28, 2026
    affected < 2026.3.22fixed 2026.3.22

    OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package reso

  • CVE-2026-41386CriApr 28, 2026
    affected < 2026.3.22fixed 2026.3.22

    OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and s

Page 4 of 20