VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-53841 | Medium | Jun 16, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a…

  • CVE-2026-41373 | Medium | Apr 28, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with…

  • CVE-2026-35667 | Medium | Apr 10, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the…

  • CVE-2026-33574 | Medium | Mar 29, 2026
    risk 0.33 | CVSS 6.2 | EPSS 0.00

    OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation…

  • CVE-2026-32919 | Medium | Mar 29, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation…

  • CVE-2026-22217 | Medium | Mar 18, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL…

  • CVE-2026-22177 | Medium | Mar 18, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the…

  • CVE-2026-45005 | Medium | May 11, 2026
    risk 0.32 | CVSS 6.0 | EPSS 0.00

    OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured…

  • CVE-2026-44117 | Medium | May 6, 2026
    risk 0.31 | CVSS 5.8 | EPSS 0.00

    OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended…

  • CVE-2026-41372 | Medium | Apr 28, 2026
    risk 0.31 | CVSS 5.8 | EPSS 0.00

    OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost…

  • CVE-2026-41389 | Medium | Apr 20, 2026
    risk 0.31 | CVSS 5.8 | EPSS 0.00

    OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access,…

  • CVE-2026-35670 | Medium | Apr 10, 2026
    risk 0.31 | CVSS 5.9 | EPSS 0.00

    OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect…

  • CVE-2026-35622 | Medium | Apr 9, 2026
    risk 0.31 | CVSS 5.9 | EPSS 0.00

    OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on…

  • CVE-2026-32035 | Medium | Mar 19, 2026
    risk 0.31 | CVSS 5.9 | EPSS 0.00

    OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron…

  • CVE-2026-42424 | Medium | Apr 28, 2026
    risk 0.30 | CVSS 5.7 | EPSS 0.00

    OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as…

  • CVE-2026-40045 | Medium | Apr 21, 2026
    risk 0.30 | CVSS 5.7 | EPSS 0.00

    OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext…

  • CVE-2026-35655 | Medium | Apr 10, 2026
    risk 0.30 | CVSS 5.7 | EPSS 0.00

    OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and…

  • CVE-2026-53856 | Medium | Jun 16, 2026
    risk 0.29 | CVSS 5.5 | EPSS 0.00

    OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the…

  • CVE-2026-53850 | Medium | Jun 16, 2026
    risk 0.29 | CVSS 5.5 | EPSS 0.00

    OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended…

  • CVE-2026-41366 | Medium | Apr 28, 2026
    risk 0.29 | CVSS 5.5 | EPSS 0.00

    OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive…

Page 12 of 27