VYPR

Vendor CVEs

OpenClaw

All CVEs

544 total · sorted by risk
  • CVE-2026-53858HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local…

  • CVE-2026-53846HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local…

  • CVE-2026-53842HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON…

  • CVE-2026-53840HigJun 16, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate…

  • CVE-2026-45224HigMay 11, 2026
    risk 0.39cvss 7.1epss 0.00

    Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or…

  • CVE-2026-45001HigMay 11, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server…

  • CVE-2026-42429HigApr 28, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests…

  • CVE-2026-42428HigApr 28, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.

  • CVE-2026-41379HigApr 28, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and…

  • CVE-2026-41361HigApr 23, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.

  • CVE-2026-41359HigApr 23, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit…

  • CVE-2026-41347HigApr 23, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform…

  • CVE-2026-41299HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients…

  • CVE-2026-35632HigApr 9, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to…

  • CVE-2026-32971HigMar 31, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after…

  • CVE-2026-32972HigMar 29, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and…

  • CVE-2026-43535MedMay 5, 2026
    risk 0.37cvss 6.8epss 0.00

    OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain…

  • CVE-2026-41397MedApr 28, 2026
    risk 0.37cvss 6.8epss 0.00

    OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror…

  • CVE-2026-41392MedApr 28, 2026
    risk 0.37cvss 6.7epss 0.00

    OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen…

  • CVE-2026-41360MedApr 23, 2026
    risk 0.37cvss 6.7epss 0.00

    OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution…

  • CVE-2026-53861MedJun 16, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing…

  • CVE-2026-53820MedJun 12, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions…

  • CVE-2026-53818MedJun 11, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute…

  • CVE-2026-53859MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators…

  • CVE-2026-53854MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or…

  • CVE-2026-53844MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory…

  • CVE-2026-53839MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to…

  • CVE-2026-53830MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected…

  • CVE-2026-53827MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and…

  • CVE-2026-53825MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify…

  • CVE-2026-53824MedJun 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token…

  • CVE-2026-53815MedJun 11, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature,…

  • CVE-2026-53808MedJun 11, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply…

  • CVE-2026-35673MedMay 29, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect…

  • CVE-2026-43579MedMay 6, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify…

  • CVE-2026-43577MedMay 6, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy…

  • CVE-2026-43574MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this…

  • CVE-2026-43570MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files…

  • CVE-2026-43568MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming…

  • CVE-2026-43567MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended…

  • CVE-2026-43528MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys,…

  • CVE-2026-42433MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration…

  • CVE-2026-42430MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF…

  • CVE-2026-41911MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only…

  • CVE-2026-41388MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation…

  • CVE-2026-41385MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol…

  • CVE-2026-41375MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone…

  • CVE-2026-41370MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside…

  • CVE-2026-41369MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override…

  • CVE-2026-41368MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using $ENV in jq programs to access sensitive environment variables that should be…

Page 4 of 11