Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenClaw — Vulnerabilities & Security Advisories 450

All 450 CVE vulnerabilities found in OpenClaw, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenClaw

CVE IDTitleCVSSSeverityPublished
CVE-2026-32030 OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal CWE-22 7.5 High2026-03-19
CVE-2026-32029 OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing CWE-345 5.3 Medium2026-03-19
CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress CWE-863 5.3 Medium2026-03-19
CVE-2026-32027 OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist CWE-863 6.5 Medium2026-03-19
CVE-2026-32026 OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox CWE-22 6.5 Medium2026-03-19
CVE-2026-32025 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass CWE-307 7.5 High2026-03-19
CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling CWE-59 5.5 Medium2026-03-19
CVE-2026-32022 OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass CWE-184 6.5 Medium2026-03-19
CVE-2026-32023 OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run CWE-863 7.1 High2026-03-19
CVE-2026-32021 OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom CWE-863 6.5 Medium2026-03-19
CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler CWE-59 3.3 Low2026-03-19
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard CWE-918 7.4 High2026-03-19
CVE-2026-32018 OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations CWE-362 3.6 Low2026-03-19
CVE-2026-32017 OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist CWE-184 7.1 High2026-03-19
CVE-2026-32016 OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS CWE-426 7.8 High2026-03-19
CVE-2026-32015 OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation CWE-426 7.8 High2026-03-19
CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields CWE-290 8.0 High2026-03-19
CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods CWE-59 8.8 High2026-03-19
CVE-2026-32011 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing CWE-770 7.5 High2026-03-19
CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter CWE-78 6.3 Medium2026-03-19
CVE-2026-32009 OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins CWE-426 5.7 Medium2026-03-19
CVE-2026-32008 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard CWE-610 6.5 Medium2026-03-19
CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass CWE-22 6.8 Medium2026-03-19
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip CWE-863 6.8 Medium2026-03-19
CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist CWE-863 3.1 Low2026-03-19
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route CWE-288 6.5 Medium2026-03-19
CVE-2026-32003 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run CWE-78 6.6 Medium2026-03-19
CVE-2026-32002 OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass CWE-200 5.3 Medium2026-03-19
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication CWE-863 5.4 Medium2026-03-19
CVE-2026-32000 OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution CWE-78 7.1 High2026-03-19

All 450 known CVE vulnerabilities affecting OpenClaw with full Chinese analysis, references, and POCs where available.