OpenClaw

pip AI Agents
Total CVEs: 61
Critical: 2
Ecosystem: pip
Last CVE: Apr 9, 2026
Patch Rate: 87%
Avg Time to Patch: 0d

Known Vulnerabilities (61 total, page 2 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | GHSA-vjx8-8p7h-82gr | openclaw: SSRF in marketplace plugin download | -- | Apr 7, 2026 |
| HIGH | GHSA-vfw7-6rhc-6xxg | openclaw: env var injection via workspace config | -- | Apr 7, 2026 |
| MEDIUM | GHSA-3q42-xmxv-9vfr | openclaw: privilege escalation to admin voice config persistence | -- | Apr 7, 2026 |
| MEDIUM | GHSA-fwjq-xwfj-gv75 | openclaw: auth bypass exposes agent session visibility | -- | Apr 7, 2026 |
| LOW | GHSA-767m-xrhc-fxm7 | openclaw: operator.write escalates to admin Telegram config + cron | -- | Apr 7, 2026 |
| MEDIUM | GHSA-42mx-vp8m-j7qh | openclaw: sandbox escape via mirror mode hook execution | -- | Apr 7, 2026 |
| MEDIUM | GHSA-wpc6-37g7-8q4w | OpenClaw: exec allowlist bypass via shell init-file options | -- | Apr 7, 2026 |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | -- | Apr 7, 2026 |
| MEDIUM | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | -- | Apr 7, 2026 |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | -- | Apr 7, 2026 |
| MEDIUM | GHSA-m34q-h93w-vg5x | openclaw: path traversal enables remote dir overwrite | -- | Apr 7, 2026 |
| MEDIUM | GHSA-846p-hgpv-vphc | OpenClaw: path traversal → host file exfiltration via QQ Bot | -- | Apr 7, 2026 |
| MEDIUM | GHSA-4p4f-fc8q-84m3 | openclaw: iOS bridge bypass enables unauthorized agent runs | -- | Apr 7, 2026 |
| MEDIUM | GHSA-5hff-46vh-rxmw | OpenClaw: read-only scope bypass kills agent sessions | -- | Apr 7, 2026 |
| MEDIUM | GHSA-2qrv-rc5x-2g2h | OpenClaw: untrusted plugin RCE via workspace channel setup | -- | Apr 7, 2026 |
| MEDIUM | GHSA-2f7j-rp58-mr42 | OpenClaw: info disclosure exposes host filesystem paths | -- | Apr 7, 2026 |
| MEDIUM | GHSA-98ch-45wp-ch47 | OpenClaw: approval bypass via env key normalization gap | -- | Apr 7, 2026 |
| MEDIUM | GHSA-w6wx-jq6j-6mcj | openclaw: script swap bypasses pnpm dlx approval | -- | Apr 7, 2026 |
| MEDIUM | GHSA-fh32-73r9-rgh5 | OpenClaw: CDP host bypass exposes localhost browser state | -- | Apr 7, 2026 |
| MEDIUM | GHSA-rxmx-g7hr-8mx4 | OpenClaw: Zalo webhook dedup collision silently drops events | -- | Apr 7, 2026 |
| MEDIUM | GHSA-jj6q-rrrf-h66h | openclaw: timing side-channel leaks shared-secret length | -- | Apr 7, 2026 |
| MEDIUM | GHSA-83f3-hh45-vfw9 | OpenClaw: cleartext WebSocket exposes gateway credentials | -- | Apr 7, 2026 |
| HIGH | CVE-2026-34511 | OpenClaw: PKCE verifier leak enables OAuth token theft | -- | Apr 4, 2026 |
| MEDIUM | CVE-2026-34425 | OpenClaw: script preflight bypass enables unsafe exec | -- | Apr 6, 2026 |
| MEDIUM | GHSA-9q7v-8mr7-g23p | OpenClaw: SSRF in marketplace fetch hits internal AI infra | -- | Apr 2, 2026 |

Showing 26–50 of 61
