Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 541 - 548 of 548 CVEs
CVE-2026-26316 HIGH - 7.5

OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or i...

Vendor: npm
Product: openclaw
Published: Feb 17, 2026
Source: GitHub
CVE-2026-25474 HIGH - 7.5

OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by an ...

Vendor: npm
Product: openclaw
Published: Feb 17, 2026
Source: GitHub

OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-d...

Vendor: npm
Product: openclaw
Published: Feb 17, 2026
Source: GitHub
CVE-2026-25593 HIGH - 8.4

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability i...

Vendor: npm
Product: openclaw
Published: Feb 04, 2026
Source: GitHub
CVE-2026-25475 MEDIUM - 6.5

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file...

Vendor: npm
Product: openclaw
Published: Feb 04, 2026
Source: GitHub
CVE-2026-25157 HIGH - 7.8

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the c...

Vendor: npm
Product: clawdbot
Published: Feb 02, 2026
Source: GitHub
CVE-2026-24763 HIGH - 8.8

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authentica...

Vendor: clawdbot
Product: clawdbot
Published: Feb 02, 2026
Source: NVD
CVE-2026-25253 HIGH - 8.8

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Vendor: OpenClaw
Product: OpenClaw
Published: Feb 01, 2026
Source: NVD