AI Threat Alert

OpenClaw Vulnerabilities

pip AI Agents
136
Total CVEs
3
Critical
pip
Ecosystem
May 6, 2026
Last CVE
91%
Patch Rate
0d
Avg Time to Patch

Known Vulnerabilities (136 total, page 6 of 6)

Severity CVE ID Summary CVSS Published
HIGH GHSA-hr5v-j9h9-xjhg OpenClaw: sandbox escape via mediaUrl path traversal 7.7 Mar 30, 2026 MEDIUM GHSA-68f8-9mhj-h2mp OpenClaw: HTTP scope bypass enables model enumeration -- Mar 30, 2026 HIGH GHSA-m3mh-3mpg-37hw OpenClaw: .npmrc hijack enables RCE on plugin install 8.6 Mar 30, 2026 CRITICAL CVE-2026-30741 OpenClaw: RCE via request-side prompt injection 9.8 Mar 11, 2026 CRITICAL CVE-2026-28451 OpenClaw: SSRF via Feishu extension exposes internal services 9.3 Mar 5, 2026 HIGH CVE-2026-27001 OpenClaw: prompt injection via unsanitized workspace path 7.8 Feb 20, 2026 MEDIUM CVE-2026-26972 OpenClaw: path traversal allows arbitrary file write 6.7 Feb 20, 2026 HIGH CVE-2026-26321 OpenClaw: path traversal enables local file exfiltration 7.5 Feb 19, 2026 MEDIUM CVE-2026-26320 OpenClaw: UI deception enables arbitrary command execution 6.5 Feb 19, 2026 LOW CVE-2026-24764 OpenClaw: indirect prompt injection via Slack metadata 3.7 Feb 19, 2026 MEDIUM CVE-2026-25475 OpenClaw: path traversal enables arbitrary file read 6.5 Feb 4, 2026

Showing 126–136 of 136

← Previous

Monitor OpenClaw in your stack

Get instant alerts when new vulnerabilities affect OpenClaw. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring