VYPR Vendor CVEs: OpenClaw (All CVEs)

544 total · sorted by risk
  • CVE-2026-34510 · Med · Apr 1, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content,…

  • CVE-2026-45003 · Med · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

  • CVE-2026-45000 · Med · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are…

  • CVE-2026-44992 · Med · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in…

  • CVE-2026-41367 · Med · Apr 28, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement.

  • CVE-2026-41338 · Med · Apr 23, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between…

  • CVE-2026-35634 · Med · Apr 9, 2026
    risk 0.26 · cvss 5.1 · epss 0.00

    OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP…

  • CVE-2026-41393 · Med · Apr 28, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.

  • CVE-2026-35646 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated…

  • CVE-2026-35635 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass…

  • CVE-2026-35628 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to…

  • CVE-2026-35623 · Med · Apr 9, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to…

  • CVE-2026-32896 · Med · Mar 21, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by…

  • CVE-2026-41398 · Med · Apr 28, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet…

  • CVE-2026-41377 · Med · Apr 28, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

  • CVE-2026-35659 · Med · Apr 10, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by…

  • CVE-2026-41330 · Med · Apr 21, 2026
    risk 0.22 · cvss 4.4 · epss 0.00

    OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings,…

  • CVE-2026-53848 · Med · Jun 16, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent…

  • CVE-2026-53845 · Med · Jun 16, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based…

  • CVE-2026-53835 · Med · Jun 12, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the…

  • CVE-2026-53826 · Med · Jun 12, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or…

  • CVE-2026-10291 · Med · Jun 1, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern…

  • CVE-2026-32906 · Med · May 29, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to…

  • CVE-2026-44997 · Med · May 11, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning…

  • CVE-2026-44111 · Med · May 6, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary…

  • CVE-2026-42420 · Med · Apr 28, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input.

  • CVE-2026-41910 · Med · Apr 28, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model.

  • CVE-2026-41408 · Med · Apr 28, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions,…

  • CVE-2026-41362 · Med · Apr 28, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments…

  • CVE-2026-41350 · Med · Apr 23, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session_status without sandbox constraints to…

  • CVE-2026-41339 · Med · Apr 23, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained…

  • CVE-2026-41908 · Med · Apr 23, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path…

  • CVE-2026-35662 · Med · Apr 10, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without…

  • CVE-2026-35651 · Med · Apr 10, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling…

  • CVE-2026-35619 · Med · Apr 10, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility…

  • CVE-2026-35642 · Med · Apr 9, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.

  • CVE-2026-33578 · Med · Mar 31, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and…

  • CVE-2026-34506 · Med · Mar 31, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message…

  • CVE-2026-53862 · Med · Jun 16, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

  • CVE-2026-53860 · Med · Jun 16, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent…

  • CVE-2026-44991 · Med · May 11, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this…

  • CVE-2026-41402 · Med · Apr 28, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay…

  • CVE-2026-35624 · Med · Apr 9, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud…

  • CVE-2026-35617 · Med · Apr 9, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected…

  • CVE-2026-53809 · Low · Jun 11, 2026
    risk 0.18 · cvss 3.8 · epss 0.00

    OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside…

  • CVE-2026-53837 · Low · Jun 12, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to…

  • CVE-2026-44996 · Low · May 11, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local…

  • CVE-2026-41913 · Low · Apr 28, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to…

  • CVE-2026-41407 · Low · Apr 28, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening…

  • CVE-2026-41354 · Low · Apr 23, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and…

Page 7 of 11