OpenClaw

331 vulnerabilities found.

Note: This list may be incomplete. Data is provided as-is in its original format, without warranty.
  • EPSS 0.04%
  • Published 19.03.2026 01:00:53
  • Last modified 19.03.2026 18:17:57

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failur...

  • EPSS 0.05%
  • Published 19.03.2026 01:00:52
  • Last modified 19.03.2026 18:20:22

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers wit...

  • EPSS 0.07%
  • Published 19.03.2026 01:00:51
  • Last modified 19.03.2026 19:00:06

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy an...

  • EPSS 0.07%
  • Published 19.03.2026 01:00:51
  • Last modified 19.03.2026 18:50:06

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta n...

  • EPSS 0.03%
  • Published 19.03.2026 01:00:50
  • Last modified 19.03.2026 19:08:58

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM...

  • EPSS 0.05%
  • Published 19.03.2026 01:00:49
  • Last modified 19.03.2026 19:18:07

OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger i...

  • EPSS 0.03%
  • Published 19.03.2026 01:00:49
  • Last modified 19.03.2026 19:16:08

OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exp...

  • EPSS 0.02%
  • Published 19.03.2026 01:00:48
  • Last modified 19.03.2026 19:15:57

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite o...

  • EPSS 0.07%
  • Published 19.03.2026 01:00:47
  • Last modified 25.03.2026 15:16:42

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executabl...

  • EPSS 0.02%
  • Published 19.03.2026 01:00:46
  • Last modified 25.03.2026 15:16:39

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass se...