VYPR

Vendor CVEs

OpenClaw

All CVEs

544 total · sorted by risk
  • CVE-2026-53838CriJun 12, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing…

  • CVE-2026-44109CriMay 6, 2026
    risk 0.57cvss 9.8epss 0.01

    OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting…

  • CVE-2026-43575CriMay 6, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized…

  • CVE-2026-41329CriApr 21, 2026
    risk 0.57cvss 9.9epss 0.00

    OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve…

  • CVE-2026-33579CriMar 31, 2026
    risk 0.57cvss 9.9epss 0.01

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking…

  • CVE-2026-32917CriMar 31, 2026
    risk 0.57cvss 9.8epss 0.02

    OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing…

  • CVE-2026-32987CriMar 29, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege…

  • CVE-2026-32924CriMar 29, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention…

  • CVE-2026-32922CriMar 29, 2026
    risk 0.57cvss 9.9epss 0.01

    OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain…

  • CVE-2026-28474CriMar 5, 2026
    risk 0.57cvss 9.8epss 0.00

    OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an…

  • CVE-2026-44112CriMay 6, 2026
    risk 0.56cvss 9.6epss 0.02

    OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox…

  • CVE-2026-43581CriMay 6, 2026
    risk 0.55cvss 9.6epss 0.00

    OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad…

  • CVE-2026-32916CriMar 31, 2026
    risk 0.54cvss 9.4epss 0.00

    OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke…

  • CVE-2026-8634CriMay 14, 2026
    risk 0.52cvss 9.1epss 0.01

    Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment.…

  • CVE-2026-43578CriMay 6, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more…

  • CVE-2026-43566CriMay 5, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like…

  • CVE-2026-43534CriMay 5, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.

  • CVE-2026-41386CriApr 28, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and…

  • CVE-2026-53843HigJun 16, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval,…

  • CVE-2026-53836HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass…

  • CVE-2026-53828HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured…

  • CVE-2026-53822HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.01

    OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security…

  • CVE-2026-53821HigJun 12, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket…

  • CVE-2026-53819HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible…

  • CVE-2026-53817HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust…

  • CVE-2026-53811HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access…

  • CVE-2026-53810HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed…

  • CVE-2026-53807HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist…

  • CVE-2026-53806HigJun 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation,…

  • CVE-2026-35674HigMay 29, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and…

  • CVE-2026-8621HigMay 14, 2026
    risk 0.50cvss 8.8epss 0.00

    Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests…

  • CVE-2026-45223HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.00

    Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the…

  • CVE-2026-45006HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist…

  • CVE-2026-44115HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

  • CVE-2026-44110HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in…

  • CVE-2026-43584HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Attackers can…

  • CVE-2026-43571HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust…

  • CVE-2026-43569HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are…

  • CVE-2026-43530HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval…

  • CVE-2026-42435HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables…

  • CVE-2026-42434HigMay 5, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.

  • CVE-2026-42426HigApr 28, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write…

  • CVE-2026-42422HigApr 28, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.

  • CVE-2026-41404HigApr 28, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to…

  • CVE-2026-41378HigApr 28, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging…

  • CVE-2026-41352HigApr 23, 2026
    risk 0.50cvss 8.8epss 0.01

    OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node…

  • CVE-2026-41349HigApr 23, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user…

  • CVE-2026-41303HigApr 21, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and…

  • CVE-2026-35669HigApr 10, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated…

  • CVE-2026-35666HigApr 10, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.

Page 1 of 11