OpenClaw

559 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.21%
  • Published 28.04.2026 18:09:48
  • Last modified 01.05.2026 15:52:19

OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys...

  • EPSS 0.33%
  • Published 28.04.2026 18:09:48
  • Last modified 01.05.2026 15:52:35

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges be...

  • EPSS 0.37%
  • Published 28.04.2026 18:09:46
  • Last modified 01.05.2026 15:52:02

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipu...

  • EPSS 0.14%
  • Published 28.04.2026 18:09:46
  • Last modified 01.05.2026 15:52:11

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace conf...

  • EPSS 0.22%
  • Published 28.04.2026 18:09:45
  • Last modified 01.05.2026 15:51:50

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name va...

  • EPSS 0.22%
  • Published 28.04.2026 18:09:44
  • Last modified 01.05.2026 15:51:40

OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channe...

  • EPSS 0.12%
  • Published 28.04.2026 18:09:43
  • Last modified 01.05.2026 15:51:33

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier execu...

  • EPSS 0.24%
  • Published 28.04.2026 18:09:42
  • Last modified 01.05.2026 15:51:25

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat....

  • EPSS 0.44%
  • Published 28.04.2026 18:09:41
  • Last modified 01.05.2026 15:51:15

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate...

  • EPSS 0.23%
  • Published 28.04.2026 18:09:40
  • Last modified 01.05.2026 15:50:40

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visib...