OpenClaw Vulnerabilities

pip AI Agents

AI Threat Alert tracks 427 known vulnerabilities in OpenClaw, 15 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
427
Total CVEs
15
Critical
pip
Ecosystem
Jul 8, 2026
Last CVE
41%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (427 total, page 6 of 18)

Severity CVE ID Summary CVSS Published
LOW CVE-2026-32897 OpenClaw: auth token leak via prompt hash fallback 3.7 Mar 21, 2026 MEDIUM CVE-2026-32065 OpenClaw: approval bypass enables unauthorized command exec 4.8 Mar 21, 2026 LOW CVE-2026-32067 OpenClaw: auth bypass enables cross-account pairing reuse 3.7 Mar 21, 2026 MEDIUM CVE-2026-32061 OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials. 4.4 Mar 11, 2026 HIGH CVE-2026-32064 OpenClaw: unauthenticated VNC access in AI sandbox 7.7 Mar 21, 2026 HIGH CVE-2026-32057 OpenClaw: auth bypass grants unauthorized agent control access 7.1 Mar 21, 2026 MEDIUM CVE-2026-32053 OpenClaw: webhook replay bypass corrupts agent call state 6.5 Mar 21, 2026 MEDIUM CVE-2026-32054 OpenClaw: symlink traversal enables arbitrary file overwrite 6.5 Mar 21, 2026 HIGH CVE-2026-32056 OpenClaw: RCE via shell env var injection in system.run 7.5 Mar 21, 2026 MEDIUM CVE-2026-32052 OpenClaw: command injection via shell-wrapper argv bypass 6.4 Mar 21, 2026 HIGH CVE-2026-32051 OpenClaw: auth bypass lets operators invoke owner control-plane 8.8 Mar 21, 2026 LOW CVE-2026-32058 OpenClaw: approval bypass enables unauthorized agent execution 2.6 Mar 21, 2026 HIGH CVE-2026-32055 OpenClaw: path traversal enables arbitrary file write 7.6 Mar 21, 2026 HIGH CVE-2026-32042 OpenClaw: privilege escalation via unpaired device identity 8.8 Mar 21, 2026 MEDIUM CVE-2026-32046 OpenClaw: sandbox bypass enables host code execution 5.3 Mar 21, 2026 HIGH CVE-2026-32048 OpenClaw: sandbox escape via cross-agent spawn bypass 7.5 Mar 21, 2026 MEDIUM CVE-2026-32044 OpenClaw: archive safety bypass causes DoS in skill install 5.5 Mar 21, 2026 HIGH CVE-2026-32049 OpenClaw: media limit bypass enables memory exhaustion DoS 7.5 Mar 21, 2026 MEDIUM CVE-2026-32045 OpenClaw: auth bypass exposes HTTP gateway routes 5.9 Mar 21, 2026 LOW CVE-2026-32050 OpenClaw: auth bypass allows unauthorized status event injection 3.7 Mar 21, 2026 MEDIUM CVE-2026-32043 OpenClaw: TOCTOU symlink bypasses command approval guard 6.5 Mar 21, 2026 HIGH CVE-2026-32034 OpenClaw: auth bypass enables high-privilege agent control 8.1 Mar 19, 2026 MEDIUM CVE-2026-32036 OpenClaw: auth bypass via encoded path traversal in gateway 6.5 Mar 19, 2026 CRITICAL CVE-2026-32038 OpenClaw: sandbox bypass enables container lateral movement 9.8 Mar 19, 2026 MEDIUM CVE-2026-32035 OpenClaw: auth bypass grants owner-level tool access 5.9 Mar 19, 2026

Showing 126–150 of 427

Frequently asked questions

What is OpenClaw?

OpenClaw is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does OpenClaw have?

OpenClaw has 427 known CVEs, 15 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is OpenClaw distributed in?

OpenClaw is distributed via the pip ecosystem and categorized as ai agents.

Where does the OpenClaw vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of OpenClaw?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor OpenClaw in your stack

Get instant alerts when new vulnerabilities affect OpenClaw. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring