Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 241 - 260 of 548 CVEs
CVE-2026-41298 MEDIUM - 5.4

OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-41297 HIGH - 7.6

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive down...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-41296 HIGH - 8.2

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-41295 HIGH - 7.8

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code exec...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-41294 HIGH - 8.6

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment setting...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-40045 MEDIUM - 5.7

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 21, 2026
Source: NVD
CVE-2026-41389 MEDIUM - 5.8

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosi...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 20, 2026
Source: NVD
CVE-2026-3691 MEDIUM - 5.3

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow...

Published: Apr 11, 2026
Source: NVD
CVE-2026-3690 HIGH - 7.4

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication ...

Published: Apr 11, 2026
Source: NVD
CVE-2026-3689 MEDIUM - 6.5

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path...

Published: Apr 11, 2026
Source: NVD
CVE-2026-35670 MEDIUM - 5.9

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered repli...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35669 HIGH - 8.8

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unautho...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35668 HIGH - 7.7

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandbox...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35667 MEDIUM - 6.1

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causi...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35666 HIGH - 8.8

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35665 MEDIUM - 5.3

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35664 MEDIUM - 5.3

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35663 HIGH - 8.8

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35662 MEDIUM - 4.3

OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation,...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD
CVE-2026-35661 MEDIUM - 5.3

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypass D...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 10, 2026
Source: NVD