VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-35634 | Med | Apr 9, 2026
    risk 0.26 | cvss 5.1 | epss 0.00

    OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP…

  • CVE-2026-41393 | Med | Apr 28, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.

  • CVE-2026-35646 | Med | Apr 9, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated…

  • CVE-2026-35635 | Med | Apr 9, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass…

  • CVE-2026-35628 | Med | Apr 9, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to…

  • CVE-2026-35623 | Med | Apr 9, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to…

  • CVE-2026-32896 | Med | Mar 21, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by…

  • CVE-2026-41398 | Med | Apr 28, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet…

  • CVE-2026-41377 | Med | Apr 28, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

  • CVE-2026-35659 | Med | Apr 10, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by…

  • CVE-2026-41330 | Med | Apr 21, 2026
    risk 0.22 | cvss 4.4 | epss 0.00

    OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings,…

  • CVE-2026-53848 | Med | Jun 16, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent…

  • CVE-2026-53845 | Med | Jun 16, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based…

  • CVE-2026-53835 | Med | Jun 12, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the…

  • CVE-2026-53826 | Med | Jun 12, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or…

  • CVE-2026-32906 | Med | May 29, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to…

  • CVE-2026-44997 | Med | May 11, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning…

  • CVE-2026-44111 | Med | May 6, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary…

  • CVE-2026-42420 | Med | Apr 28, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input.

  • CVE-2026-41910 | Med | Apr 28, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model.

Page 16 of 27