OpenClaw

559 vulnerabilities found.

Note: This list may be incomplete. Data is provided without guarantee, in its original format.
  • EPSS 0.15%
  • Published 29.03.2026 12:44:23
  • Last modified 31.03.2026 18:01:13

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted ...

  • EPSS 0.1%
  • Published 29.03.2026 12:44:22
  • Last modified 31.03.2026 18:08:30

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to r...

Media report
  • EPSS 0.54%
  • Published 29.03.2026 12:44:22
  • Last modified 31.03.2026 18:02:26

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scop...

  • EPSS 0.1%
  • Published 29.03.2026 12:44:21
  • Last modified 31.03.2026 18:09:19

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session...

  • EPSS 0.14%
  • Published 29.03.2026 12:44:20
  • Last modified 31.03.2026 18:10:23

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf wo...

  • EPSS 0.25%
  • Published 29.03.2026 12:44:19
  • Last modified 31.03.2026 18:11:06

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modif...

Exploit
  • EPSS 0.69%
  • Published 26.03.2026 16:36:00
  • Last modified 20.05.2026 20:16:37

OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete va...

  • EPSS -
  • Published 23.03.2026 21:36:15
  • Last modified 23.03.2026 23:17:12

Rejected reason: This CVE ID has been rejected.

  • EPSS 0.32%
  • Published 23.03.2026 21:36:15
  • Last modified 24.03.2026 18:01:44

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive ...

  • EPSS -
  • Published 23.03.2026 21:36:14
  • Last modified 23.03.2026 23:17:12

Rejected reason: This CVE ID has been rejected.