Openclaw
AI Threat Alert tracks 233 known AI/ML vulnerabilities affecting Openclaw products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Openclaw CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-32975 | OpenClaw: auth bypass via group name spoofing in agent | OpenClaw | 9.8 |
| CRITICAL | CVE-2026-32973 | OpenClaw: exec allowlist bypass enables RCE | OpenClaw | 9.8 |
| HIGH | CVE-2026-33572 | OpenClaw: insecure transcript files expose agent secrets | OpenClaw | 8.4 |
| HIGH | CVE-2026-32979 | OpenClaw: TOCTOU race enables local code execution | OpenClaw | 7.3 |
| CRITICAL | CVE-2026-32987 | OpenClaw: bootstrap code replay escalates to operator.admin | OpenClaw | 9.8 |
| HIGH | CVE-2026-32978 | OpenClaw: script approval bypass allows RCE | OpenClaw | 8.0 |
| HIGH | CVE-2026-32982 | OpenClaw: Telegram bot token leaked in media fetch errors | OpenClaw | 7.5 |
| HIGH | CVE-2026-32980 | OpenClaw: unauthenticated webhook DoS via body buffering | OpenClaw | 7.5 |
| HIGH | CVE-2026-32988 | OpenClaw: sandbox escape via fs-bridge TOCTOU race | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-32977 | OpenClaw: TOCTOU race condition enables sandbox file escape | OpenClaw | 6.3 |
| CRITICAL | CVE-2026-33579 | OpenClaw: scope bypass escalates low-priv to admin | OpenClaw | 9.9 |
| MEDIUM | CVE-2026-33576 | OpenClaw: pre-auth media fetch enables disk exhaustion DoS | OpenClaw | 6.5 |
| HIGH | CVE-2026-33573 | OpenClaw: workspace boundary bypass, arbitrary exec | OpenClaw | 8.8 |
| HIGH | CVE-2026-33575 | OpenClaw: gateway credential exposed in pairing setup codes | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-33580 | OpenClaw: webhook brute-force enables event forgery | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-33578 | OpenClaw: allowlist bypass exposes AI agents to all users | OpenClaw | 4.3 |
| MEDIUM | CVE-2026-33574 | OpenClaw: TOCTOU path traversal enables arbitrary file write | OpenClaw | 6.2 |
| HIGH | CVE-2026-33577 | OpenClaw: scope bypass lets low-priv ops elevate node access | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-34506 | OpenClaw: auth bypass lets any Teams user invoke AI agent | OpenClaw | 4.3 |
| HIGH | CVE-2026-34512 | OpenClaw: improper authz allows admin session kill | OpenClaw | 8.1 |
Frequently asked questions
How many known vulnerabilities affect Openclaw?
233 AI/ML CVEs affecting Openclaw products are tracked, sourced from NVD and GitHub Advisory.
What Openclaw products are affected?
The CVEs below map to the Openclaw AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Openclaw vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Openclaw for new vulnerabilities?
AI Threat Alert tracks Openclaw continuously; a Pro subscription adds breaking alerts when new CVEs affecting Openclaw are published.
How do I assess Openclaw's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Openclaw issues first and judge the exposure for your stack.