OpenClaw Vulnerabilities

Ecosystem: pip
Category: AI Agents
Total CVEs: 136
Critical: 3
Last CVE: May 6, 2026
Patch Rate: 91%
Avg Time to Patch: 0d

Known Vulnerabilities (136 total, page 2 of 6)

Severity | Advisory ID (GHSA) | Summary | CVSS (-- = no score published) | Published
MEDIUM | GHSA-h2vw-ph2c-jvwf | OpenClaw: env injection exposes MiniMax API key | -- | Apr 25, 2026
MEDIUM | GHSA-qrp5-gfw2-gxv4 | openclaw: tool policy bypass via bundled MCP/LSP tools | -- | Apr 25, 2026
MEDIUM | GHSA-7jm2-g593-4qrc | openclaw: config guard bypass, persistent settings mutation | -- | Apr 25, 2026
MEDIUM | GHSA-92jp-89mq-4374 | openclaw: auth bypass exposes sandbox browser session | -- | Apr 17, 2026
MEDIUM | GHSA-jwrq-8g5x-5fhm | openclaw: auth context reuse enables privilege escalation | -- | Apr 17, 2026
HIGH | GHSA-8372-7vhw-cm6q | openclaw: config redaction bypass exposes provider API keys | -- | Apr 17, 2026
MEDIUM | GHSA-c4qm-58hj-j6pj | openclaw: SSRF bypass exposes internal pages in browser tool | -- | Apr 17, 2026
MEDIUM | GHSA-g2hm-779g-vm32 | openclaw: auth bypass preserves owner-level agent execution | -- | Apr 17, 2026
HIGH | GHSA-vw3h-q6xq-jjm5 | openclaw: WebSocket DoS via oversized frame ingestion | -- | Apr 17, 2026
MEDIUM | GHSA-g375-h3v6-4873 | openclaw: privilege retention via async exec completion miss | -- | Apr 17, 2026
LOW | GHSA-r77c-2cmr-7p47 | openclaw: group policy bypass in delivery queue recovery | -- | Apr 17, 2026
LOW | GHSA-gc9r-867r-j85f | openclaw: auth bypass in Teams SSO invoke handler | -- | Apr 17, 2026
MEDIUM | GHSA-5gjc-grvm-m88j | openclaw: auth bypass enables persistent memory config change | -- | Apr 17, 2026
MEDIUM | GHSA-j6c7-3h5x-99g9 | openclaw: OS command injection via shell env-argv bypass | -- | Apr 17, 2026
HIGH | GHSA-vfp4-8x56-j7c5 | openclaw: env denylist bypass enables code exec in agents | -- | Apr 17, 2026
MEDIUM | GHSA-7g8c-cfr3-vqqr | openclaw: trust escalation via unsanitized agent hook events | -- | Apr 17, 2026
MEDIUM | GHSA-49cg-279w-m73x | openclaw: auth bypass via empty approver list | -- | Apr 17, 2026
MEDIUM | GHSA-c9h3-5p7r-mrjh | openclaw: path traversal bypasses media sandbox | -- | Apr 17, 2026
MEDIUM | GHSA-7wv4-cc7p-jhxc | openclaw: .env injection hijacks agent runtime config | -- | Apr 17, 2026
MEDIUM | GHSA-2767-2q9v-9326 | openclaw: QQBot SSRF leaks internal service responses | -- | Apr 17, 2026
MEDIUM | GHSA-xq94-r468-qwgj | openclaw: DNS rebinding bypasses browser SSRF protection | -- | Apr 17, 2026
MEDIUM | GHSA-53vx-pmqw-863c | openclaw: Browser SSRF exposes internal services by default | -- | Apr 17, 2026
MEDIUM | GHSA-jf25-7968-h2h5 | openclaw: path traversal bypasses workspace filesystem guard | -- | Apr 17, 2026
HIGH | GHSA-82qx-6vj7-p8m2 | openclaw: trust bypass loads untrusted workspace plugins | -- | Apr 17, 2026
HIGH | GHSA-525j-hqq2-66r4 | openclaw: CDP relay exposes browser DevTools on 0.0.0.0 | -- | Apr 17, 2026

Showing 26–50 of 136
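Four of the advisories above concern the browser tool's SSRF guard being bypassed, one of them by DNS rebinding. The following is an added example, not OpenClaw's code and not derived from any of these advisories: it shows the shape of an egress check that rebinding does not defeat. The guard resolves the hostname once, rejects the request if any returned address is internal (loopback, RFC 1918, link-local including the cloud metadata address, CGNAT, multicast, and their IPv6 forms, with IPv4-mapped IPv6 unwrapped), and returns the literal address the caller must connect to, so no second lookup can be flipped to an internal target. The resolver table and hostnames used by the demo are constructed for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges an agent's outbound fetcher should never reach. Link-local covers the
# 169.254.169.254 cloud metadata endpoint; 100.64.0.0/10 is CGNAT.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def is_blocked_ip(ip: str) -> bool:
    """True if the address falls in any blocked range."""
    addr = ipaddress.ip_address(ip)
    # Judge ::ffff:127.0.0.1 as 127.0.0.1, otherwise the IPv6 lists miss it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_all(host: str) -> list[str]:
    """Every A/AAAA answer for host via the system resolver (live DNS)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def pin_egress_target(url: str, resolver=resolve_all) -> tuple[str, int, str]:
    """Validate url and return (pinned_ip, port, host_header).

    The caller must open the TCP connection to pinned_ip, not to the hostname,
    and send host_header as the Host header / TLS SNI. Resolving here and
    connecting to the returned literal removes the second lookup that a DNS
    rebinding attack answers with an internal address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)

    try:
        ipaddress.ip_address(host)          # literal IP: no DNS involved
        candidates = [host]
    except ValueError:
        candidates = resolver(host)
        if not candidates:
            raise ValueError(f"unresolvable host: {host!r}")

    # Deny if *any* answer is internal: a response mixing a public and a
    # private record must not get through on the public one.
    for ip in candidates:
        if is_blocked_ip(ip):
            raise ValueError(f"{host!r} resolves to blocked address {ip}")
    return candidates[0], port, host


def is_allowed_url(url: str, resolver=resolve_all) -> bool:
    """Allow/deny wrapper for callers that do not need the pinned target."""
    try:
        pin_egress_target(url, resolver)
        return True
    except ValueError:
        return False


# Constructed resolver table for the offline demo; hostnames and answers are
# made up for this example and are not real DNS data.
_FAKE_TABLE = {
    "example.com": ["93.184.216.34"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],   # public + private answer
    "localhost": ["127.0.0.1"],
    "metadata.test": ["169.254.169.254"],
}


def fake_dns(host: str) -> list[str]:
    return _FAKE_TABLE.get(host, [])


if __name__ == "__main__":
    for u in ("http://example.com/", "http://rebind.test/", "http://localhost:8080/",
              "http://[::ffff:127.0.0.1]/", "http://169.254.169.254/latest/meta-data/"):
        print(f"{u:45} -> {'allow' if is_allowed_url(u, fake_dns) else 'deny'}")
```

Two things the block leaves to the caller: the pinned address is only useful if the HTTP client actually connects to it (most clients need a custom connection adapter or a resolver hook to do that), and the same check must run on every redirect target, since a 3xx to an internal URL is the other common way past a guard that only validates the initial request.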
