Filtered by vendor Openclaw
Subscriptions
Filtered by product Openclaw
Subscriptions
Total
410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41384 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.8 High |
| OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure. | ||||
| CVE-2026-41391 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.3 Medium |
| OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting malicious index URLs through unsanitized environment variables. | ||||
| CVE-2026-41397 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 6.8 Medium |
| OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries. | ||||
| CVE-2026-41404 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.8 High |
| OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on identity-bearing authentication paths and escalate privileges. | ||||
| CVE-2026-41911 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 6.5 Medium |
| OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy. | ||||
| CVE-2026-41381 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.4 Medium |
| OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels. | ||||
| CVE-2026-41375 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 6.5 Medium |
| OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper administrative privileges. | ||||
| CVE-2026-41370 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories. | ||||
| CVE-2026-41361 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.1 High |
| OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections. | ||||
| CVE-2026-41364 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.1 High |
| OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host. | ||||
| CVE-2026-41408 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 4.3 Medium |
| OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availability impact. | ||||
| CVE-2026-41376 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.4 Medium |
| OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls. | ||||
| CVE-2026-41382 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.4 Medium |
| OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to restricted voice channels. | ||||
| CVE-2026-41388 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls. | ||||
| CVE-2026-41395 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.5 High |
| OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook. | ||||
| CVE-2026-41402 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 4.2 Medium |
| OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver duplicate webhook messages to unintended targets. | ||||
| CVE-2026-41915 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.3 Medium |
| OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity. | ||||
| CVE-2026-42424 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.7 Medium |
| OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media. | ||||
| CVE-2026-42431 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.1 High |
| OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations. | ||||
| CVE-2026-42429 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.1 High |
| OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations. | ||||