VYPR

Openclaw

by OpenClaw

npm: openclaw


CVEs (537)

  • CVE-2026-53822 (High), Jun 12, 2026
    risk 0.50, cvss 8.8, epss 0.01

    OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security…

  • CVE-2026-53821 (High), Jun 12, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket…

  • CVE-2026-53819 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible…

  • CVE-2026-53817 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust…

  • CVE-2026-53811 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access…

  • CVE-2026-53810 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed…

  • CVE-2026-53807 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist…

  • CVE-2026-53806 (High), Jun 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation,…

  • CVE-2026-35674 (High), May 29, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and…

  • CVE-2026-45006 (High), May 11, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist…

  • CVE-2026-44115 (High), May 6, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

  • CVE-2026-44110 (High), May 6, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in…

  • CVE-2026-43584 (High), May 6, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can…

  • CVE-2026-43571 (High), May 5, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust…

  • CVE-2026-43569 (High), May 5, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are…

  • CVE-2026-43530 (High), May 5, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw versions from 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval…

  • CVE-2026-42435 (High), May 5, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables…

  • CVE-2026-42434 (High), May 5, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw versions from 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of the intended sandbox paths.

  • CVE-2026-42426 (High), Apr 28, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write…

  • CVE-2026-42422 (High), Apr 28, 2026
    risk 0.50, cvss 8.8, epss 0.00

    OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.

Page 2 of 27