Filtered by vendor Openclaw
Subscriptions
Filtered by product Openclaw
Subscriptions
Total
410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41392 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 6.7 Medium |
| OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while bypassing exec allowlist matching restrictions. | ||||
| CVE-2026-6011 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 5.6 Medium |
| A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2026.1.29 can resolve this issue. This patch is called b623557a2ec7e271bda003eb3ac33fbb2e218505. Upgrading the affected component is advised. | ||||
| CVE-2026-42430 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 6.5 Medium |
| OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections. | ||||
| CVE-2026-42428 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 7.1 High |
| OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment. | ||||
| CVE-2026-42423 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 7.5 High |
| OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval, circumventing the intended security boundary. | ||||
| CVE-2026-41914 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 8.5 High |
| OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies. | ||||
| CVE-2026-41407 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 3.7 Low |
| OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handling for shared secrets. | ||||
| CVE-2026-41400 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 5.3 Medium |
| OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service. | ||||
| CVE-2026-41394 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 8.2 High |
| OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators. | ||||
| CVE-2026-41387 | 1 Openclaw | 1 Openclaw | 2026-04-30 | 7.8 High |
| OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content. | ||||
| CVE-2026-41377 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 4.6 Medium |
| OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings. | ||||
| CVE-2026-41383 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.1 High |
| OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data. | ||||
| CVE-2026-41390 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.3 High |
| OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs. | ||||
| CVE-2026-41396 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.8 High |
| OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory. | ||||
| CVE-2026-41403 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 2.9 Low |
| OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic, circumventing intended remote viewer restrictions. | ||||
| CVE-2026-41910 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 4.3 Medium |
| OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model. | ||||
| CVE-2026-41916 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 5.4 Medium |
| OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through config reload operations. | ||||
| CVE-2026-42426 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.8 High |
| OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes. | ||||
| CVE-2026-42432 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 7.8 High |
| OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system. | ||||
| CVE-2026-41378 | 1 Openclaw | 1 Openclaw | 2026-04-29 | 8.8 High |
| OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted agent.request dispatch to achieve remote code execution on the gateway. | ||||