OpenClaw Vulnerabilities

pip AI Agents

AI Threat Alert tracks 427 known vulnerabilities in OpenClaw, 15 rated critical — an AI/ML ai agents in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
427
Total CVEs
15
Critical
pip
Ecosystem
Jul 8, 2026
Last CVE
41%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (427 total, page 7 of 18)

Severity CVE ID Summary CVSS Published
MEDIUM CVE-2026-32040 OpenClaw: XSS via HTML export mimeType injection 4.6 Mar 19, 2026 MEDIUM CVE-2026-32041 OpenClaw: auth bypass exposes browser-control RCE 6.9 Mar 19, 2026 MEDIUM CVE-2026-32037 OpenClaw: SSRF bypass via MSTeams redirect chain 6.0 Mar 19, 2026 MEDIUM CVE-2026-32039 OpenClaw: auth bypass grants privileged tool access 5.9 Mar 19, 2026 HIGH CVE-2026-32030 OpenClaw: path traversal exposes host files via SCP 7.5 Mar 19, 2026 MEDIUM CVE-2026-32031 OpenClaw: auth bypass in plugin channel gateway 4.8 Mar 19, 2026 MEDIUM CVE-2026-32026 OpenClaw: sandbox path traversal leaks host temp files 6.5 Mar 19, 2026 MEDIUM CVE-2026-32029 OpenClaw: IP spoofing bypasses rate-limiting controls 5.3 Mar 19, 2026 HIGH CVE-2026-32032 OpenClaw: SHELL env var injection enables local RCE 7.8 Mar 19, 2026 MEDIUM CVE-2026-32028 OpenClaw: auth bypass enables unauthorized agent execution 5.3 Mar 19, 2026 MEDIUM CVE-2026-32027 OpenClaw: authorization bypass in group sender allowlist 6.5 Mar 19, 2026 MEDIUM CVE-2026-32033 OpenClaw: path traversal leaks files outside workspace 6.5 Mar 19, 2026 MEDIUM CVE-2026-32021 OpenClaw: auth bypass via Feishu display name spoofing 6.5 Mar 19, 2026 HIGH CVE-2026-32023 OpenClaw: approval gating bypass enables shell execution 7.1 Mar 19, 2026 MEDIUM CVE-2026-32022 OpenClaw: grep safeBins bypass enables arbitrary file read 6.5 Mar 19, 2026 HIGH CVE-2026-32025 OpenClaw: WebSocket auth bypass enables agent hijack 7.5 Mar 19, 2026 LOW CVE-2026-32020 OpenClaw: symlink traversal enables arbitrary file read 3.3 Mar 19, 2026 LOW CVE-2026-32018 OpenClaw: race condition corrupts sandbox registry state 3.6 Mar 19, 2026 MEDIUM CVE-2026-32024 OpenClaw: symlink traversal leaks arbitrary local files 5.5 Mar 19, 2026 HIGH CVE-2026-32019 OpenClaw: SSRF bypass via incomplete IPv4 range validation 7.4 Mar 19, 2026 HIGH CVE-2026-32014 OpenClaw: metadata spoofing bypasses agent command policies 8.0 Mar 19, 2026 HIGH CVE-2026-32017 OpenClaw: allowlist bypass enables arbitrary file write 7.1 Mar 19, 2026 HIGH CVE-2026-32016 OpenClaw: path bypass allows unauthorized binary execution 7.8 Mar 19, 2026 HIGH CVE-2026-32011 OpenClaw: pre-auth webhook DoS exhausts parser resources 7.5 Mar 19, 2026 MEDIUM CVE-2026-32009 OpenClaw: binary hijacking via safeBins path bypass 5.7 Mar 19, 2026

Showing 151–175 of 427

Frequently asked questions

What is OpenClaw?

OpenClaw is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does OpenClaw have?

OpenClaw has 427 known CVEs, 15 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is OpenClaw distributed in?

OpenClaw is distributed via the pip ecosystem and categorized as ai agents.

Where does the OpenClaw vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of OpenClaw?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor OpenClaw in your stack

Get instant alerts when new vulnerabilities affect OpenClaw. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring