VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-41364 (High) Apr 28, 2026
    risk 0.46, CVSS 8.1, EPSS 0.01

    OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote…

  • CVE-2026-41353 (High) Apr 23, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating…

  • CVE-2026-41296 (High) Apr 21, 2026
    risk 0.46, CVSS 8.2, EPSS 0.00

    OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read…

  • CVE-2026-35660 (High) Apr 10, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an…

  • CVE-2026-35653 (High) Apr 10, 2026
    risk 0.46, CVSS 8.1, EPSS 0.01

    OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile…

  • CVE-2026-35645 (High) Apr 9, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to…

  • CVE-2026-34512 (High) Apr 9, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by…

  • CVE-2026-34503 (High) Mar 31, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.

  • CVE-2026-33577 (High) Mar 31, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend…

  • CVE-2026-53829 (High) Jun 12, 2026
    risk 0.45, CVSS 8.0, EPSS 0.00

    OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after…

  • CVE-2026-35630 (High) May 29, 2026
    risk 0.45, CVSS 8.0, EPSS 0.00

    OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper…

  • CVE-2026-53813 (High) Jun 11, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations,…

  • CVE-2026-45004 (High) May 11, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by…

  • CVE-2026-44118 (High) May 6, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.

  • CVE-2026-44114 (High) May 6, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted…

  • CVE-2026-42432 (High) Apr 28, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the…

  • CVE-2026-41396 (High) Apr 28, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin…

  • CVE-2026-41387 (High) Apr 28, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package…

  • CVE-2026-41384 (High) Apr 28, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary…

  • CVE-2026-41336 (High) Apr 23, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

Page 5 of 27