OpenClaw

OpenClaw

331 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2026-32057

  • EPSS 0.07%
  • Veröffentlicht 21.03.2026 00:42:27
  • Zuletzt bearbeitet 25.03.2026 15:16:46

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket ...

8.2

CVE-2026-32055

  • EPSS 0.07%
  • Veröffentlicht 21.03.2026 00:42:26
  • Zuletzt bearbeitet 23.03.2026 16:22:12

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vu...

7.8

CVE-2026-32054

  • EPSS 0.01%
  • Veröffentlicht 21.03.2026 00:42:25
  • Zuletzt bearbeitet 24.03.2026 21:11:08

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks...

9.8

CVE-2026-32052

  • EPSS 0.09%
  • Veröffentlicht 21.03.2026 00:42:24
  • Zuletzt bearbeitet 23.03.2026 17:07:49

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft mis...

6.5

CVE-2026-32053

  • EPSS 0.06%
  • Veröffentlicht 21.03.2026 00:42:24
  • Zuletzt bearbeitet 24.03.2026 21:15:38

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events...

8.8

CVE-2026-32051

  • EPSS 0.07%
  • Veröffentlicht 21.03.2026 00:42:23
  • Zuletzt bearbeitet 23.03.2026 17:08:11

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deploymen...

5.3

CVE-2026-32050

  • EPSS 0.04%
  • Veröffentlicht 21.03.2026 00:42:22
  • Zuletzt bearbeitet 23.03.2026 17:08:52

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reactio...

9.9

CVE-2026-32048

  • EPSS 0.05%
  • Veröffentlicht 21.03.2026 00:42:21
  • Zuletzt bearbeitet 24.03.2026 19:13:59

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit thi...

7.5

CVE-2026-32049

  • EPSS 0.16%
  • Veröffentlicht 21.03.2026 00:42:21
  • Zuletzt bearbeitet 23.03.2026 17:09:08

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memor...

9.8

CVE-2026-32046

  • EPSS 0.05%
  • Veröffentlicht 21.03.2026 00:42:20
  • Zuletzt bearbeitet 24.03.2026 19:12:10

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the di...