OpenClaw
Tags: pip, AI Agents

Total CVEs: 12
Critical: 0
Ecosystem: pip
Last CVE: N/A
Patch Rate: 79%
Avg Time to Patch: 0d
Known Vulnerabilities (61 total, page 1 of 3)
Severity | CVE ID | Summary | CVSS | Published
-------- | ------ | ------- | ---- | ---------
MEDIUM | GHSA-q2gc-xjqw-qp89 | OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts | -- | Apr 9, 2026
MEDIUM | GHSA-qqq7-4hxc-x63c | OpenClaw: Shared reply MEDIA paths are treated as trusted and can trigger cross-channel local file exfiltration | -- | Apr 9, 2026
MEDIUM | GHSA-whf9-3hcx-gq54 | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | -- | Apr 9, 2026
MEDIUM | GHSA-cmfr-9m2r-xwhq | OpenClaw: auth bypass enables persistent browser profile mutation | -- | Apr 9, 2026
MEDIUM | GHSA-68x5-xx89-w9mm | OpenClaw: stale auth closure bypasses gateway access control | -- | Apr 9, 2026
MEDIUM | GHSA-vc32-h5mq-453v | OpenClaw: cross-channel allowlist write bypass | -- | Apr 9, 2026
HIGH | GHSA-5wj5-87vq-39xm | openclaw: auth bypass enables exec escalation on reconnect | -- | Apr 9, 2026
LOW | GHSA-25wv-8phj-8p7r | OpenClaw: auth rate-limit bypass via async race condition | -- | Apr 9, 2026
MEDIUM | GHSA-5h3f-885m-v22w | openclaw: WS sessions persist after gateway token rotation | -- | Apr 9, 2026
MEDIUM | GHSA-3fv3-6p2v-gxwj | openclaw: SSRF bypass in QQ Bot media fetch paths | -- | Apr 9, 2026
LOW | GHSA-5fc7-f62m-8983 | OpenClaw: local file read bypasses workspace policy | -- | Apr 9, 2026
MEDIUM | GHSA-67mf-f936-ppxf | OpenClaw: scope misconfiguration enables unauthorized node pairing | -- | Apr 9, 2026
MEDIUM | GHSA-vr5g-mmx7-h897 | OpenClaw: SSRF bypass via interaction-triggered navigation | -- | Apr 9, 2026
LOW | GHSA-4f8g-77mw-3rxc | OpenClaw: gateway auth expands read to write privilege | -- | Apr 9, 2026
MEDIUM | GHSA-w8g9-x8gx-crmm | OpenClaw: SSRF bypass via Playwright redirect handling | -- | Apr 9, 2026
MEDIUM | GHSA-w9j9-w4cp-6wgr | openclaw: env var injection enables host exec hijacking | -- | Apr 9, 2026
HIGH | GHSA-qx8j-g322-qj6m | OpenClaw: unsafe body replay on cross-origin redirect | -- | Apr 9, 2026
MEDIUM | GHSA-3vvq-q2qc-7rmp | openclaw: no integrity check on ClawHub plugin installs | -- | Apr 9, 2026
MEDIUM | GHSA-ccx3-fw7q-rr2r | openclaw: base64 pre-alloc bypass causes resource exhaustion | -- | Apr 9, 2026
HIGH | GHSA-gfmx-pph7-g46x | openclaw: trust boundary bypass enables prompt injection | -- | Apr 9, 2026
HIGH | GHSA-jf56-mccx-5f3f | OpenClaw: wake hook trust violation elevates to System prompt | -- | Apr 9, 2026
HIGH | GHSA-7437-7hg8-frrw | OpenClaw: env var injection enables host RCE | -- | Apr 9, 2026
MEDIUM | CVE-2026-39398 | openclaw-claude-bridge: sandbox bypass exposes CLI tools | -- | Apr 8, 2026
MEDIUM | GHSA-h2v7-xc88-xx8c | openclaw: operator scope bypass in phone arm/disarm cmds | -- | Apr 7, 2026
MEDIUM | GHSA-4g5x-2jfc-xm98 | openclaw: media download bypass exhausts disk storage | -- | Apr 7, 2026

Showing 1–25 of 61