VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-6011MedApr 10, 2026
    risk 0.29cvss 5.6epss 0.00

    A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack…

  • CVE-2026-53852MedJun 16, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests…

  • CVE-2026-53847MedJun 16, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can…

  • CVE-2026-34507MedMay 29, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that…

  • CVE-2026-44998MedMay 11, 2026
    risk 0.28cvss 5.4epss 0.01

    OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile…

  • CVE-2026-44993MedMay 11, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that…

  • CVE-2026-42421MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing…

  • CVE-2026-41916MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication…

  • CVE-2026-41406MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized…

  • CVE-2026-41382MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized…

  • CVE-2026-41381MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is…

  • CVE-2026-41376MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists,…

  • CVE-2026-41365MedApr 28, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.

  • CVE-2026-41358MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model…

  • CVE-2026-41356MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.

  • CVE-2026-41348MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing…

  • CVE-2026-41344MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose…

  • CVE-2026-41341MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM…

  • CVE-2026-41909MedApr 23, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device…

  • CVE-2026-41298MedApr 21, 2026
    risk 0.28cvss 5.4epss 0.00

    OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.

Page 13 of 27