Openclaw
AI Threat Alert tracks 233 known AI/ML vulnerabilities affecting Openclaw products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Openclaw CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-32023 | OpenClaw: approval gating bypass enables shell execution | OpenClaw | 7.1 |
| MEDIUM | CVE-2026-32021 | OpenClaw: auth bypass via Feishu display name spoofing | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32033 | OpenClaw: path traversal leaks files outside workspace | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32027 | OpenClaw: authorization bypass in group sender allowlist | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32028 | OpenClaw: auth bypass enables unauthorized agent execution | OpenClaw | 5.3 |
| HIGH | CVE-2026-32032 | OpenClaw: SHELL env var injection enables local RCE | OpenClaw | 7.8 |
| MEDIUM | CVE-2026-32029 | OpenClaw: IP spoofing bypasses rate-limiting controls | OpenClaw | 5.3 |
| MEDIUM | CVE-2026-32026 | OpenClaw: sandbox path traversal leaks host temp files | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32031 | OpenClaw: auth bypass in plugin channel gateway | OpenClaw | 4.8 |
| HIGH | CVE-2026-32030 | OpenClaw: path traversal exposes host files via SCP | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-32039 | OpenClaw: auth bypass grants privileged tool access | OpenClaw | 5.9 |
| MEDIUM | CVE-2026-32037 | OpenClaw: SSRF bypass via MSTeams redirect chain | OpenClaw | 6.0 |
| MEDIUM | CVE-2026-32041 | OpenClaw: auth bypass exposes browser-control RCE | OpenClaw | 6.9 |
| MEDIUM | CVE-2026-32040 | OpenClaw: XSS via HTML export mimeType injection | OpenClaw | 4.6 |
| MEDIUM | CVE-2026-32035 | OpenClaw: auth bypass grants owner-level tool access | OpenClaw | 5.9 |
| CRITICAL | CVE-2026-32038 | OpenClaw: sandbox bypass enables container lateral movement | OpenClaw | 9.8 |
| MEDIUM | CVE-2026-32036 | OpenClaw: auth bypass via encoded path traversal in gateway | OpenClaw | 6.5 |
| HIGH | CVE-2026-32034 | OpenClaw: auth bypass enables high-privilege agent control | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-32043 | OpenClaw: TOCTOU symlink bypasses command approval guard | OpenClaw | 6.5 |
| LOW | CVE-2026-32050 | OpenClaw: auth bypass allows unauthorized status event injection | OpenClaw | 3.7 |
Frequently asked questions
How many known vulnerabilities affect Openclaw?
233 AI/ML CVEs affecting Openclaw products are tracked, sourced from NVD and GitHub Advisory.
What Openclaw products are affected?
The CVEs below map to the Openclaw AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Openclaw vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Openclaw for new vulnerabilities?
AI Threat Alert tracks Openclaw continuously; a Pro subscription adds breaking alerts when new CVEs affecting Openclaw are published.
How do I assess Openclaw's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Openclaw issues first and judge the exposure for your stack.