Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenClaw — Vulnerabilities & Security Advisories 450

All 450 CVE vulnerabilities found in OpenClaw, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenClaw

CVE IDTitleCVSSSeverityPublished
CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes CWE-266 9.4 Critical2026-03-31
CVE-2026-33574 OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download CWE-367 6.2 Medium2026-03-29
CVE-2026-33575 OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes CWE-522 7.5 High2026-03-29
CVE-2026-33573 OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters CWE-668 8.8 High2026-03-29
CVE-2026-32987 OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing CWE-294 9.8 Critical2026-03-29
CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files CWE-378 8.4 High2026-03-29
CVE-2026-32980 OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request CWE-770 7.5 High2026-03-29
CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval CWE-367 7.3 High2026-03-29
CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners CWE-863 8.0 High2026-03-29
CVE-2026-32975 OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist CWE-807 9.8 Critical2026-03-29
CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization CWE-625 9.8 Critical2026-03-29
CVE-2026-32974 OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token CWE-347 8.6 High2026-03-29
CVE-2026-32972 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request CWE-863 7.1 High2026-03-29
CVE-2026-32923 OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement CWE-863 5.4 Medium2026-03-29
CVE-2026-32924 OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu CWE-863 9.8 Critical2026-03-29
CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate CWE-266 9.9 Critical2026-03-29
CVE-2026-32919 OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands CWE-863 6.1 Medium2026-03-29
CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface CWE-863 8.8 High2026-03-29
CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool CWE-863 8.4 High2026-03-29
CVE-2026-32914 OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints CWE-863 8.8 High2026-03-29
CVE-2026-32846 OpenClaw Media Parsing Path Traversal to Arbitrary File Read CWE-22 8.6 -2026-03-26
CVE-2026-32913 OpenClaw < 2026.3.7 - Custom Authorization Header Leakage via Cross-Origin Redirects CWE-522 9.3 Critical2026-03-23
CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command CWE-863 6.1 Medium2026-03-23
CVE-2026-27183 OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch CWE-863 5.3 Medium2026-03-23
CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers CWE-863 4.3 Medium2026-03-21
CVE-2026-32898 OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata CWE-807 5.4 Medium2026-03-21
CVE-2026-32897 OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback CWE-320 3.7 Low2026-03-21
CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin CWE-306 4.8 Medium2026-03-21
CVE-2026-32895 OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers CWE-863 5.4 Medium2026-03-21
CVE-2026-32067 OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store CWE-863 3.7 Low2026-03-21

All 450 known CVE vulnerabilities affecting OpenClaw with full Chinese analysis, references, and POCs where available.