OpenClaw
pip, AI Agents
Total CVEs: 61
Critical: 2
Ecosystem: pip
Last CVE: Apr 9, 2026
Patch Rate: 87%
Avg Time to Patch: 0d
Known Vulnerabilities (61 total, page 3 of 3)
Severity | CVE ID | Summary | CVSS | Published
HIGH | GHSA-hr5v-j9h9-xjhg | OpenClaw: sandbox escape via mediaUrl path traversal | 7.7 | Mar 30, 2026
MEDIUM | GHSA-68f8-9mhj-h2mp | OpenClaw: HTTP scope bypass enables model enumeration | -- | Mar 30, 2026
HIGH | GHSA-m3mh-3mpg-37hw | OpenClaw: .npmrc hijack enables RCE on plugin install | 8.6 | Mar 30, 2026
CRITICAL | CVE-2026-30741 | OpenClaw: RCE via request-side prompt injection | 9.8 | Mar 11, 2026
CRITICAL | CVE-2026-28451 | OpenClaw: SSRF via Feishu extension exposes internal services | 9.3 | Mar 5, 2026
HIGH | CVE-2026-27001 | OpenClaw: prompt injection via unsanitized workspace path | 7.8 | Feb 20, 2026
MEDIUM | CVE-2026-26972 | OpenClaw: path traversal allows arbitrary file write | 6.7 | Feb 20, 2026
HIGH | CVE-2026-26321 | OpenClaw: path traversal enables local file exfiltration | 7.5 | Feb 19, 2026
MEDIUM | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | 6.5 | Feb 19, 2026
LOW | CVE-2026-24764 | OpenClaw: indirect prompt injection via Slack metadata | 3.7 | Feb 19, 2026
MEDIUM | CVE-2026-25475 | OpenClaw: path traversal enables arbitrary file read | 6.5 | Feb 4, 2026
Showing 51–61 of 61