ReportizFlow
Filtered by vendor Openclaw
Subscriptions
Total
347 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41341 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.4 Medium |
| OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling. | ||||
| CVE-2026-41340 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to named accounts. | ||||
| CVE-2026-41339 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 4.3 Medium |
| OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks. | ||||
| CVE-2026-41338 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5 Medium |
| OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between validation and execution. | ||||
| CVE-2026-41337 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.3 Medium |
| OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process. | ||||
| CVE-2026-41336 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 7.8 High |
| OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code. | ||||
| CVE-2026-41335 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.3 Medium |
| OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and agent configurations. | ||||
| CVE-2026-41334 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption. | ||||
| CVE-2026-41333 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 3.7 Low |
| OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute force attacks against weak shared passwords. | ||||
| CVE-2026-41332 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.3 Medium |
| OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials. | ||||
| CVE-2026-41908 | 1 Openclaw | 1 Openclaw | 2026-04-23 | 4.3 Medium |
| OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots. | ||||
| CVE-2026-41909 | 1 Openclaw | 1 Openclaw | 2026-04-23 | 5.4 Medium |
| OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the same gateway scope. | ||||
| CVE-2026-28470 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 9.8 Critical |
| OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $() or backticks inside double-quoted strings to execute unauthorized commands. | ||||
| CVE-2026-34511 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 5.3 Medium |
| OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption. | ||||
| CVE-2026-41329 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 9.9 Critical |
| OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation. | ||||
| CVE-2026-40045 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 5.7 Medium |
| OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials. | ||||
| CVE-2026-41298 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 5.4 Medium |
| OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls. | ||||
| CVE-2026-41302 | 1 Openclaw | 1 Openclaw | 2026-04-22 | 7.6 High |
| OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact with external services on behalf of the affected system. | ||||
| CVE-2026-41331 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 5.3 Medium |
| OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied. | ||||
| CVE-2026-41296 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 8.2 High |
| OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. | ||||