openclaw — Vulnerabilities & Security Advisories 450

All 450 CVE vulnerabilities found in openclaw, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-35624	OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk CWE-807	4.2	Medium	2026-04-09
CVE-2026-35623	OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting CWE-307	4.8	Medium	2026-04-09
CVE-2026-35618	OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification CWE-294	6.5	Medium	2026-04-09
CVE-2026-35622	OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook CWE-290	5.9	Medium	2026-04-09
CVE-2026-35617	OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName CWE-807	4.2	Medium	2026-04-09
CVE-2026-34512	OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint CWE-863	8.1	High	2026-04-09
CVE-2026-40037	OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects CWE-601	6.5	Medium	2026-04-08
CVE-2026-34511	OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter CWE-330	5.3	Medium	2026-04-03
CVE-2026-34426	OpenClaw - Approval Bypass via Environment Variable Normalization CWE-184	7.6	High	2026-04-02
CVE-2026-34425	OpenClaw - Shell-Bleed Protection Preflight Validation Bypass CWE-184	5.4	Medium	2026-04-02
CVE-2026-34510	OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders CWE-41	5.3	Medium	2026-04-01
CVE-2026-34504	OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider CWE-918	8.3	High	2026-03-31
CVE-2026-34503	OpenClaw < 2026.3.28 - Incomplete WebSocket Session Termination on Device Removal and Token Revocation CWE-613	8.1	High	2026-03-31
CVE-2026-33581	OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters CWE-22	6.5	Medium	2026-03-31
CVE-2026-33580	OpenClaw < 2026.3.28 - Brute Force Attack via Missing Rate Limiting on Webhook Shared Secret Authentication CWE-307	6.5	Medium	2026-03-31
CVE-2026-33578	OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions CWE-863	4.3	Medium	2026-03-31
CVE-2026-33579	OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval CWE-863	9.9	Critical	2026-03-31
CVE-2026-33576	OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel CWE-863	6.5	Medium	2026-03-31
CVE-2026-33577	OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve CWE-863	8.1	High	2026-03-31
CVE-2026-34505	OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation CWE-307	6.5	Medium	2026-03-31
CVE-2026-34506	OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration CWE-863	4.3	Medium	2026-03-31
CVE-2026-32988	OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation CWE-367	7.5	High	2026-03-31
CVE-2026-32977	OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path CWE-367	6.3	Medium	2026-03-31
CVE-2026-32982	OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs CWE-532	7.5	High	2026-03-31
CVE-2026-32976	OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands CWE-639	6.5	Medium	2026-03-31
CVE-2026-32971	OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands CWE-451	7.1	High	2026-03-31
CVE-2026-32970	OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs CWE-636	2.5	Low	2026-03-31
CVE-2026-32921	OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run CWE-367	6.3	Medium	2026-03-31
CVE-2026-32920	OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins CWE-829	8.4	High	2026-03-31
CVE-2026-32917	OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP CWE-78	9.8	Critical	2026-03-31

All 450 known CVE vulnerabilities affecting openclaw with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

openclaw — Vulnerabilities & Security Advisories 450