OpenClaw — Vulnerabilities & Security Advisories 450

All 450 CVE vulnerabilities found in OpenClaw, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-43535	OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches CWE-266	6.8	Medium	2026-05-05
CVE-2026-43534	OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events CWE-345	9.1	Critical	2026-05-05
CVE-2026-43533	OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags CWE-23	8.6	High	2026-05-05
CVE-2026-43532	OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image CWE-184	7.7	High	2026-05-05
CVE-2026-43531	OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File CWE-15	7.3	High	2026-05-05
CVE-2026-43530	OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution CWE-863	8.8	High	2026-05-05
CVE-2026-43529	OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator CWE-367	2.5	Low	2026-05-05
CVE-2026-43527	OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation CWE-918	7.7	High	2026-05-05
CVE-2026-43528	OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases CWE-212	6.5	Medium	2026-05-05
CVE-2026-43526	OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling CWE-918	8.2	High	2026-05-05
CVE-2026-42439	OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes CWE-862	8.5	High	2026-05-05
CVE-2026-42438	OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads CWE-863	7.7	High	2026-05-05
CVE-2026-42437	OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path CWE-770	7.5	High	2026-05-05
CVE-2026-42435	OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection CWE-184	8.8	High	2026-05-05
CVE-2026-42436	OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes CWE-862	7.7	High	2026-05-05
CVE-2026-42434	OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing CWE-863	8.8	High	2026-05-05
CVE-2026-42433	OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools CWE-862	6.5	Medium	2026-05-05
CVE-2026-42432	OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass CWE-863	7.8	High	2026-04-28
CVE-2026-42431	OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass CWE-863	8.1	High	2026-04-28
CVE-2026-42430	OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling CWE-918	6.5	Medium	2026-04-28
CVE-2026-42428	OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads CWE-353	7.1	High	2026-04-28
CVE-2026-42429	OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication CWE-863	7.1	High	2026-04-28
CVE-2026-42427	OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection CWE-184	5.3	Medium	2026-04-28
CVE-2026-42426	OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope CWE-863	8.8	High	2026-04-28
CVE-2026-42424	OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Reply MEDIA Paths CWE-73	5.7	Medium	2026-04-28
CVE-2026-42423	OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback CWE-636	7.5	High	2026-04-28
CVE-2026-42422	OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function CWE-863	8.8	High	2026-04-28
CVE-2026-42421	OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation CWE-613	5.4	Medium	2026-04-28
CVE-2026-42420	OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation CWE-770	4.3	Medium	2026-04-28
CVE-2026-41916	OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload CWE-613	5.4	Medium	2026-04-28

All 450 known CVE vulnerabilities affecting OpenClaw with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

OpenClaw — Vulnerabilities & Security Advisories 450