Openclaw
AI Threat Alert tracks 233 known AI/ML vulnerabilities affecting Openclaw products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Openclaw CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-53817 | OpenClaw: locality spoof yields durable admin credentials | openclaw | 8.8 |
| MEDIUM | CVE-2026-53818 | OpenClaw: MCP loopback auth bypass enables policy evasion | openclaw | 6.6 |
| MEDIUM | CVE-2026-53820 | OpenClaw: exec denylist bypass via MCP session-spawn | OpenClaw | 6.6 |
| HIGH | CVE-2026-53822 | OpenClaw: TOCTOU command injection bypasses allowlist | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-53824 | OpenClaw: stale slash tokens bypass revocation controls | OpenClaw | 6.5 |
| HIGH | CVE-2026-53821 | OpenClaw: auth bypass grants admin RPC via WebSocket | OpenClaw | 8.8 |
| HIGH | CVE-2026-53823 | OpenClaw: privilege escalation via Slack display name spoofing | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-53825 | OpenClaw: path traversal exposes local files via wiki ingest | OpenClaw | 6.5 |
| HIGH | CVE-2026-53831 | OpenClaw: safe-bin allowlist bypass via shell expansion | OpenClaw | 8.3 |
| MEDIUM | CVE-2026-53826 | OpenClaw: workspace path leaked from sandboxed sessions | OpenClaw | 4.3 |
| HIGH | CVE-2026-53828 | OpenClaw: auth bypass enables owner command execution | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-53827 | OpenClaw: SSRF leaks Gateway credentials via model metadata | OpenClaw | 6.5 |
| HIGH | CVE-2026-53832 | OpenClaw: identity header spoof grants operator access | OpenClaw | 7.7 |
| MEDIUM | CVE-2026-53830 | OpenClaw: stale webhook secrets bypass revocation | OpenClaw | 6.5 |
| HIGH | CVE-2026-53829 | OpenClaw: approval truncation bypasses exec oversight | OpenClaw | 8.0 |
| MEDIUM | CVE-2026-53839 | OpenClaw: hostname prefix bypass leaks auth tokens | OpenClaw | 6.5 |
| HIGH | CVE-2026-53834 | OpenClaw: auth bypass in QQBot pre-dispatch commands | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-53835 | OpenClaw: auth bypass in Feishu agent binding controls | OpenClaw | 4.3 |
| LOW | CVE-2026-53837 | OpenClaw: DM policy bypass via Mattermost event spoofing | OpenClaw | 3.7 |
| HIGH | CVE-2026-53836 | OpenClaw: PowerShell allowlist bypass enables arbitrary RCE | OpenClaw | 8.8 |
Frequently asked questions
How many known vulnerabilities affect Openclaw?
233 AI/ML CVEs affecting Openclaw products are tracked, sourced from NVD and GitHub Advisory.
What Openclaw products are affected?
The CVEs below map to the Openclaw AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Openclaw vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Openclaw for new vulnerabilities?
AI Threat Alert tracks Openclaw continuously; a Pro subscription adds breaking alerts when new CVEs affecting Openclaw are published.
How do I assess Openclaw's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Openclaw issues first and judge the exposure for your stack.