Filtered by vendor Openclaw
Subscribe
Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32042 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH |
| OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted. | |||||
| CVE-2026-32044 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 5.5 MEDIUM |
| OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation. | |||||
| CVE-2026-32049 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.5 HIGH |
| OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability. | |||||
| CVE-2026-32050 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 3.7 LOW |
| OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue signal reaction status lines for sessions without proper DM or group access validation. | |||||
| CVE-2026-32051 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH |
| OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution. | |||||
| CVE-2026-32052 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 6.4 MEDIUM |
| OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation. | |||||
| CVE-2026-32055 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.6 HIGH |
| OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check improperly resolves aliases, permitting the first write operation to escape the workspace boundary and create files in arbitrary locations. | |||||
| CVE-2026-32031 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 4.8 MEDIUM |
| OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending requests with alternative path encodings to access protected plugin channel APIs without proper gateway authentication. | |||||
| CVE-2026-28482 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 7.1 HIGH |
| OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory. | |||||
| CVE-2026-22180 | 1 Openclaw | 1 Openclaw | 2026-03-20 | N/A | 5.3 MEDIUM |
| OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and write files to arbitrary locations. | |||||
| CVE-2026-22176 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.1 MEDIUM |
| OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands through environment variable values containing metacharacters like &, |, ^, %, or ! to achieve command execution when the scheduled task script is generated and executed. | |||||
| CVE-2026-27566 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 7.1 HIGH |
| OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands. | |||||
| CVE-2026-27670 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 5.3 MEDIUM |
| OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding parent directory symlinks to redirect writes outside the extraction root. | |||||
| CVE-2026-28461 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 7.5 HIGH |
| OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit this by sending repeated requests with different query parameters to cause memory pressure, process instability, or out-of-memory conditions that degrade service availability. | |||||
| CVE-2026-31989 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 7.4 HIGH |
| OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host to loopback, private, or internal destinations. | |||||
| CVE-2026-31990 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.1 MEDIUM |
| OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries. | |||||
| CVE-2026-29608 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 6.7 MEDIUM |
| OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text. | |||||
| CVE-2026-31991 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 3.7 LOW |
| OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access. | |||||
| CVE-2026-31992 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 7.1 HIGH |
| OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime. | |||||
| CVE-2026-31993 | 1 Openclaw | 1 Openclaw | 2026-03-19 | N/A | 4.8 MEDIUM |
| OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass incomplete allowlist validation and execute arbitrary commands on the paired host. | |||||