OpenClaw

OpenClaw

331 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2026-35659

  • EPSS 0.01%
  • Veröffentlicht 10.04.2026 16:03:20
  • Zuletzt bearbeitet 13.04.2026 19:21:30

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions ...

6.5

CVE-2026-35657

  • EPSS 0.02%
  • Veröffentlicht 10.04.2026 16:03:19
  • Zuletzt bearbeitet 13.04.2026 21:08:02

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sendi...

6.5

CVE-2026-35656

  • EPSS 0.1%
  • Veröffentlicht 10.04.2026 16:03:18
  • Zuletzt bearbeitet 13.04.2026 21:07:56

OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to ...

5.3

CVE-2026-35654

  • EPSS 0.03%
  • Veröffentlicht 10.04.2026 16:03:17
  • Zuletzt bearbeitet 13.04.2026 21:06:55

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to tr...

5.7

CVE-2026-35655

  • EPSS 0.04%
  • Veröffentlicht 10.04.2026 16:03:17
  • Zuletzt bearbeitet 13.04.2026 21:07:08

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dan...

8.1

CVE-2026-35653

Exploit
  • EPSS 0.04%
  • Veröffentlicht 10.04.2026 16:03:16
  • Zuletzt bearbeitet 13.04.2026 21:06:38

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can inv...

9.1

CVE-2026-35652

  • EPSS 0.04%
  • Veröffentlicht 10.04.2026 16:03:15
  • Zuletzt bearbeitet 13.04.2026 21:06:31

OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before...

4.3

CVE-2026-35651

  • EPSS 0.03%
  • Veröffentlicht 10.04.2026 16:03:14
  • Zuletzt bearbeitet 13.04.2026 21:05:33

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts a...

6.5

CVE-2026-35649

  • EPSS 0.02%
  • Veröffentlicht 10.04.2026 16:03:13
  • Zuletzt bearbeitet 13.04.2026 20:46:37

OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconc...

8.8

CVE-2026-35650

  • EPSS 0.06%
  • Veröffentlicht 10.04.2026 16:03:13
  • Zuletzt bearbeitet 13.04.2026 20:46:42

OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override ...