VYPR

Vendor CVEs · OpenClaw · All CVEs

544 total · sorted by risk
  • CVE-2026-44998 · Med · May 11, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.01

    OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile…

  • CVE-2026-44993 · Med · May 11, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that…

  • CVE-2026-42421 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing…

  • CVE-2026-41916 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication…

  • CVE-2026-41406 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized…

  • CVE-2026-41382 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized…

  • CVE-2026-41381 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is…

  • CVE-2026-41376 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists,…

  • CVE-2026-41365 · Med · Apr 28, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.

  • CVE-2026-41358 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model…

  • CVE-2026-41356 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.

  • CVE-2026-41348 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing…

  • CVE-2026-41344 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose…

  • CVE-2026-41341 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM…

  • CVE-2026-41909 · Med · Apr 23, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device…

  • CVE-2026-41298 · Med · Apr 21, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.

  • CVE-2026-35620 · Med · Apr 10, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands…

  • CVE-2026-34425 · Med · Apr 2, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft…

  • CVE-2026-32923 · Med · Mar 29, 2026
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting…

  • CVE-2026-53851 · Med · Jun 16, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled,…

  • CVE-2026-45002 · Med · May 11, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing…

  • CVE-2026-44999 · Med · May 11, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks…

  • CVE-2026-44994 · Med · May 11, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to…

  • CVE-2026-43583 · Med · May 6, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart…

  • CVE-2026-43572 · Med · May 5, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without…

  • CVE-2026-42427 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence…

  • CVE-2026-41915 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity.

  • CVE-2026-41400 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.01

    OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service.

  • CVE-2026-41391 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management…

  • CVE-2026-41374 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource…

  • CVE-2026-41363 · Med · Apr 28, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can exploit improper path resolution during upload_image operations to read arbitrary…

  • CVE-2026-41351 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid…

  • CVE-2026-41346 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on…

  • CVE-2026-41345 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive…

  • CVE-2026-41343 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust…

  • CVE-2026-41337 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate…

  • CVE-2026-41335 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify…

  • CVE-2026-41332 · Med · Apr 23, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through…

  • CVE-2026-41331 · Med · Apr 21, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing…

  • CVE-2026-41301 · Med · Apr 21, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to…

  • CVE-2026-3691 · Med · Apr 11, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an…

  • CVE-2026-35665 · Med · Apr 10, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources…

  • CVE-2026-35664 · Med · Apr 10, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper…

  • CVE-2026-35661 · Med · Apr 10, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct…

  • CVE-2026-35654 · Med · Apr 10, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback…

  • CVE-2026-35647 · Med · Apr 10, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access…

  • CVE-2026-35640 · Med · Apr 9, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server…

  • CVE-2026-35633 · Med · Apr 9, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing…

  • CVE-2026-35626 · Med · Apr 9, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without…

  • CVE-2026-34511 · Med · Apr 3, 2026
    risk 0.27 · CVSS 5.3 · EPSS 0.00

    OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling…

Page 6 of 11