Openclaw
AI Threat Alert tracks 233 known AI/ML vulnerabilities affecting Openclaw products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Openclaw CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-32913 | OpenClaw: auth header leak via cross-origin redirect | OpenClaw | 9.3 |
| MEDIUM | CVE-2026-32896 | OpenClaw: auth bypass via webhook passwordless fallback | OpenClaw | 4.8 |
| MEDIUM | CVE-2026-32899 | OpenClaw: sender-policy bypass injects unauthorized agent events | OpenClaw | 4.3 |
| MEDIUM | CVE-2026-32898 | OpenClaw: ACP bypass enables silent tool execution | OpenClaw | 5.4 |
| HIGH | CVE-2026-32915 | OpenClaw: sandbox bypass enables sibling agent hijack | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-32895 | OpenClaw: auth bypass circumvents Slack event allowlists | OpenClaw | 5.4 |
| CRITICAL | CVE-2026-32916 | OpenClaw: auth bypass enables unauth agent execution | OpenClaw | 9.4 |
| CRITICAL | CVE-2026-32922 | OpenClaw: privilege escalation to RCE via token scope bypass | OpenClaw | 9.9 |
| HIGH | CVE-2026-32920 | OpenClaw: workspace plugin auto-load enables RCE | OpenClaw | 8.4 |
| MEDIUM | CVE-2026-32919 | OpenClaw: auth bypass enables unauthorized session reset | OpenClaw | 6.1 |
| HIGH | CVE-2026-32918 | OpenClaw: session sandbox escape exposes cross-agent state | OpenClaw | 8.4 |
| MEDIUM | CVE-2026-32923 | OpenClaw: auth bypass enables Discord reaction context injection | OpenClaw | 5.4 |
| MEDIUM | CVE-2026-32921 | OpenClaw: script approval bypass allows code execution | OpenClaw | 6.3 |
| CRITICAL | CVE-2026-32917 | OpenClaw: RCE via unsanitized iMessage SCP paths | OpenClaw | 9.8 |
| HIGH | CVE-2026-32971 | OpenClaw: approval UI spoofing enables local RCE | OpenClaw | 7.1 |
| CRITICAL | CVE-2026-32924 | OpenClaw: auth bypass via Feishu reaction misclassification | OpenClaw | 9.8 |
| HIGH | CVE-2026-32972 | OpenClaw: auth bypass enables persistent CDP backdoor | OpenClaw | 7.1 |
| HIGH | CVE-2026-32974 | OpenClaw: auth bypass triggers forged webhook tool execution | OpenClaw | 8.6 |
| LOW | CVE-2026-32970 | OpenClaw: credential fallback bypasses local auth boundary | OpenClaw | 2.5 |
| MEDIUM | CVE-2026-32976 | OpenClaw: auth bypass mutates protected agent config | OpenClaw | 6.5 |
Frequently asked questions
How many known vulnerabilities affect Openclaw?
233 AI/ML CVEs affecting Openclaw products are tracked, sourced from NVD and GitHub Advisory.
What Openclaw products are affected?
The CVEs below map to the Openclaw AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Openclaw vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Openclaw for new vulnerabilities?
AI Threat Alert tracks Openclaw continuously; a Pro subscription adds breaking alerts when new CVEs affecting Openclaw are published.
How do I assess Openclaw's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Openclaw issues first and judge the exposure for your stack.