OpenClaw Vulnerabilities

pip AI Agents

AI Threat Alert tracks 427 known vulnerabilities in OpenClaw, 15 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
427
Total CVEs
15
Critical
pip
Ecosystem
Jul 8, 2026
Last CVE
41%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (427 total, page 13 of 18)

Severity CVE ID Summary CVSS Published
MEDIUM GHSA-x3h8-jrgh-p8jx OpenClaw: exec allowlist bypass allows hidden shell code -- May 4, 2026 HIGH GHSA-wppj-c6mr-83jj openclaw: TOCTOU sandbox escape via symlink swap -- May 4, 2026 MEDIUM GHSA-5h3g-6xhh-rg6p openclaw: TOCTOU race allows out-of-sandbox file read -- May 4, 2026 MEDIUM GHSA-93rg-2xm5-2p9v openclaw: auth bypass exposes Gateway bootstrap config -- May 4, 2026 MEDIUM CVE-2026-41358 OpenClaw: sender allowlist bypass via Slack thread context 5.4 May 4, 2026 MEDIUM GHSA-c28g-vh7m-fm7v openclaw: auth bypass in owner command enforcement -- Apr 29, 2026 MEDIUM GHSA-gfg9-5357-hv4c openclaw: path traversal exposes host files via audio embed -- Apr 29, 2026 MEDIUM GHSA-2xcp-x87w-q377 openclaw: session key auth bypass in webhook routing -- Apr 25, 2026 LOW GHSA-v8qf-fr4g-28p2 OpenClaw: auth scope bypass exposes assistant-media files -- Apr 25, 2026 MEDIUM GHSA-72q8-jcmc-97wx openclaw: DM policy bypass via Feishu card-action callbacks -- Apr 25, 2026 MEDIUM GHSA-hxvm-xjvf-93f3 openclaw: env namespace injection steers agent runtime -- Apr 25, 2026 LOW GHSA-57r2-h2wj-g887 openclaw: trust-label bypass amplifies prompt injection -- Apr 25, 2026 MEDIUM GHSA-mj59-h3q9-ghfh openclaw: env var injection via MCP stdio config -- Apr 25, 2026 LOW GHSA-c4qg-j8jg-42q5 openclaw: SSRF in QQBot media upload bypasses validation -- Apr 25, 2026 LOW GHSA-xrq9-jm7v-g9h7 OpenClaw: auth bypass enables cross-device session hijack -- Apr 25, 2026 LOW GHSA-j4c5-89f5-f3pm openclaw: SSRF policy bypass in CDP browser profile creation -- Apr 25, 2026 MEDIUM GHSA-h2vw-ph2c-jvwf OpenClaw: env injection exposes MiniMax API key -- Apr 25, 2026 MEDIUM GHSA-qrp5-gfw2-gxv4 openclaw: tool policy bypass via bundled MCP/LSP tools -- Apr 25, 2026 MEDIUM GHSA-7jm2-g593-4qrc openclaw: config guard bypass, persistent settings mutation -- Apr 25, 2026 MEDIUM GHSA-92jp-89mq-4374 openclaw: auth bypass exposes sandbox browser session -- Apr 17, 2026 MEDIUM GHSA-jwrq-8g5x-5fhm openclaw: auth context reuse enables privilege escalation -- Apr 17, 2026 HIGH GHSA-8372-7vhw-cm6q openclaw: config redaction bypass exposes provider API keys -- Apr 17, 2026 MEDIUM GHSA-c4qm-58hj-j6pj openclaw: SSRF bypass exposes internal pages in browser tool -- Apr 17, 2026 MEDIUM GHSA-g2hm-779g-vm32 openclaw: auth bypass preserves owner-level agent execution -- Apr 17, 2026 HIGH GHSA-vw3h-q6xq-jjm5 openclaw: WebSocket DoS via oversized frame ingestion -- Apr 17, 2026

Showing 301–325 of 427

Frequently asked questions

What is OpenClaw?

OpenClaw is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does OpenClaw have?

OpenClaw has 427 known CVEs, 15 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is OpenClaw distributed in?

OpenClaw is distributed via the pip ecosystem and categorized as ai agents.

Where does the OpenClaw vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of OpenClaw?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor OpenClaw in your stack

Get instant alerts when new vulnerabilities affect OpenClaw. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring