Openclaw
AI Threat Alert tracks 233 known AI/ML vulnerabilities affecting Openclaw products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Openclaw CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-33581 | OpenClaw: sandbox bypass enables arbitrary file read | OpenClaw | 6.5 |
| HIGH | CVE-2026-34503 | OpenClaw: WebSocket session persists after token revocation | OpenClaw | 8.1 |
| HIGH | CVE-2026-34504 | OpenClaw: SSRF in fal provider exposes internal services | OpenClaw | 8.3 |
| MEDIUM | CVE-2026-34505 | OpenClaw: webhook rate-limit bypass enables brute-force | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35620 | OpenClaw: missing authz enables session policy hijack | OpenClaw | 5.4 |
| MEDIUM | CVE-2026-35619 | OpenClaw: auth bypass exposes AI gateway model metadata | OpenClaw | 4.3 |
| MEDIUM | CVE-2026-35617 | OpenClaw: auth bypass via group policy name collision | OpenClaw | 4.2 |
| MEDIUM | CVE-2026-35618 | OpenClaw: Plivo V2 replay bypass allows unauth actions | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35621 | OpenClaw: privilege escalation via scope bypass in allowlist | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35623 | OpenClaw: Brute-force auth bypass via webhook rate limit miss | OpenClaw | 4.8 |
| MEDIUM | CVE-2026-35624 | OpenClaw: auth bypass exposes protected Talk rooms | OpenClaw | 4.2 |
| MEDIUM | CVE-2026-35627 | OpenClaw: pre-auth DoS via Nostr DM resource exhaustion | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35626 | OpenClaw: unauthenticated DoS via webhook body buffering | OpenClaw | 5.3 |
| HIGH | CVE-2026-35625 | OpenClaw: privilege escalation to RCE via silent reconnect | OpenClaw | 7.8 |
| MEDIUM | CVE-2026-35628 | OpenClaw: webhook brute-force bypasses AI agent auth | OpenClaw | 4.8 |
| MEDIUM | CVE-2026-35622 | OpenClaw: auth bypass in Google Chat webhook | OpenClaw | 5.9 |
| HIGH | CVE-2026-35638 | OpenClaw: priv escalation via trusted-proxy scope bypass | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-35634 | OpenClaw: auth bypass grants unauthenticated Canvas access | OpenClaw | 5.1 |
| HIGH | CVE-2026-35632 | OpenClaw: symlink traversal enables RCE via agent config | OpenClaw | 7.1 |
| HIGH | CVE-2026-35637 | OpenClaw: auth bypass via premature cite expansion | OpenClaw | 7.3 |
Frequently asked questions
How many known vulnerabilities affect Openclaw?
233 AI/ML CVEs affecting Openclaw products are tracked, sourced from NVD and GitHub Advisory.
What Openclaw products are affected?
The CVEs below map to the Openclaw AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Openclaw vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Openclaw for new vulnerabilities?
AI Threat Alert tracks Openclaw continuously; a Pro subscription adds breaking alerts when new CVEs affecting Openclaw are published.
How do I assess Openclaw's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Openclaw issues first and judge the exposure for your stack.