Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,261
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 481 - 500 of 548 CVEs
CVE-2026-28477 MEDIUM - 5.9

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token pe...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28476 MEDIUM - 5.3

OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP re...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28475 MEDIUM - 4.8

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually re...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28474 CRITICAL - 9.8

OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID an...

Vendor: OpenClaw
Product: nextcloud-talk
Published: Mar 05, 2026
Source: NVD
CVE-2026-28473 CRITICAL - 9.8

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway cl...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28472 CRITICAL - 9.8

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD

OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate allo...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28470 CRITICAL - 9.8

OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $() or backticks inside do...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28469 CRITICAL - 9.8

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process in...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28468 HIGH - 7.8

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve WebSoc...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28467 MEDIUM - 5.3

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTP(S) URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can trig...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28466 HIGH - 8.8

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject app...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28465 HIGH - 7.5

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarde...

Vendor: OpenClaw
Product: voice-call
Published: Mar 05, 2026
Source: NVD
CVE-2026-28464 CRITICAL - 9.8

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually de...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28463 HIGH - 8.4

OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28462 HIGH - 7.5

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST /trace/s...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28459 MEDIUM - 6.5

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append data ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28458 HIGH - 7.5

OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp WebSocket endpoint in which it does not require authentication tokens, allowing websites to connect via loopback and access sensitive data. Attackers can exploit ...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28457 MEDIUM - 5.3

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences l...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD
CVE-2026-28456 HIGH - 8.4

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import(), allowing code execution. An attacker with gateway configuration modification access can load and exec...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 05, 2026
Source: NVD