OpenClaw Vulnerabilities

pip AI Agents

AI Threat Alert tracks 427 known vulnerabilities in OpenClaw, 15 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
427
Total CVEs
15
Critical
pip
Ecosystem
Jul 8, 2026
Last CVE
41%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (427 total, page 17 of 18)

Severity CVE ID Summary CVSS Published
LOW GHSA-fqrj-m88p-qf3v OpenClaw: cross-account webhook event suppression -- Apr 7, 2026 MEDIUM GHSA-m34q-h93w-vg5x openclaw: path traversal enables remote dir overwrite -- Apr 7, 2026 MEDIUM GHSA-846p-hgpv-vphc OpenClaw: path traversal → host file exfiltration via QQ Bot -- Apr 7, 2026 MEDIUM GHSA-4p4f-fc8q-84m3 openclaw: iOS bridge bypass enables unauthorized agent runs -- Apr 7, 2026 MEDIUM GHSA-5hff-46vh-rxmw OpenClaw: read-only scope bypass kills agent sessions -- Apr 7, 2026 MEDIUM GHSA-2qrv-rc5x-2g2h OpenClaw: untrusted plugin RCE via workspace channel setup -- Apr 7, 2026 MEDIUM GHSA-2f7j-rp58-mr42 OpenClaw: info disclosure exposes host filesystem paths -- Apr 7, 2026 MEDIUM GHSA-98ch-45wp-ch47 OpenClaw: approval bypass via env key normalization gap -- Apr 7, 2026 MEDIUM GHSA-w6wx-jq6j-6mcj openclaw: script swap bypasses pnpm dlx approval -- Apr 7, 2026 MEDIUM GHSA-fh32-73r9-rgh5 OpenClaw: CDP host bypass exposes localhost browser state -- Apr 7, 2026 MEDIUM GHSA-rxmx-g7hr-8mx4 OpenClaw: Zalo webhook dedup collision silently drops events -- Apr 7, 2026 MEDIUM GHSA-jj6q-rrrf-h66h openclaw: timing side-channel leaks shared-secret length -- Apr 7, 2026 MEDIUM GHSA-83f3-hh45-vfw9 OpenClaw: cleartext WebSocket exposes gateway credentials -- Apr 7, 2026 HIGH CVE-2026-34511 OpenClaw: PKCE verifier leak enables OAuth token theft -- Apr 4, 2026 MEDIUM CVE-2026-34425 OpenClaw: script preflight bypass enables unsafe exec -- Apr 6, 2026 MEDIUM GHSA-9q7v-8mr7-g23p OpenClaw: SSRF in marketplace fetch hits internal AI infra -- Apr 2, 2026 HIGH GHSA-hr5v-j9h9-xjhg OpenClaw: sandbox escape via mediaUrl path traversal 7.7 Mar 30, 2026 MEDIUM GHSA-68f8-9mhj-h2mp OpenClaw: HTTP scope bypass enables model enumeration -- Mar 30, 2026 HIGH GHSA-m3mh-3mpg-37hw OpenClaw: .npmrc hijack enables RCE on plugin install 8.6 Mar 30, 2026 CRITICAL CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 Mar 11, 2026 CRITICAL CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 Mar 5, 2026 HIGH CVE-2026-27001 OpenClaw: prompt injection via unsanitized workspace path 7.8 Feb 20, 2026 MEDIUM CVE-2026-26972 OpenClaw: path traversal allows arbitrary file write 6.7 Feb 20, 2026 HIGH CVE-2026-26321 OpenClaw: path traversal enables local file exfiltration 7.5 Feb 19, 2026 MEDIUM CVE-2026-26320 OpenClaw: UI deception enables arbitrary command execution 6.5 Feb 19, 2026

Showing 401–425 of 427

Frequently asked questions

What is OpenClaw?

OpenClaw is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does OpenClaw have?

OpenClaw has 427 known CVEs, 15 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is OpenClaw distributed in?

OpenClaw is distributed via the pip ecosystem and categorized as ai agents.

Where does the OpenClaw vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of OpenClaw?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor OpenClaw in your stack

Get instant alerts when new vulnerabilities affect OpenClaw. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring