ReportizFlow
Filtered by vendor Openclaw
Subscriptions
Filtered by product Openclaw
Subscriptions
Total
346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28480 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 6.5 Medium |
| OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with bots as unauthorized senders. | ||||
| CVE-2026-28482 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 7.1 High |
| OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to read or write arbitrary files outside the agent sessions directory. | ||||
| CVE-2026-28485 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 8.4 High |
| OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context actions and access sensitive in-session data by sending requests to unauthenticated endpoints. | ||||
| CVE-2026-35618 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 6.5 Medium |
| OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests. | ||||
| CVE-2026-35622 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 5.9 Medium |
| OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration. | ||||
| CVE-2026-35624 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 4.2 Medium |
| OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms. | ||||
| CVE-2026-35627 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.5 Medium |
| OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through resource exhaustion. | ||||
| CVE-2026-35634 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 5.1 Medium |
| OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access. | ||||
| CVE-2026-35636 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.5 Medium |
| OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. | ||||
| CVE-2026-35617 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 4.2 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources. | ||||
| CVE-2026-35623 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 4.8 Medium |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication and gain unauthorized access. | ||||
| CVE-2026-35625 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.8 High |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node. | ||||
| CVE-2026-28392 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.5 High |
| OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message to bypass allowlist and access-group restrictions. | ||||
| CVE-2026-28395 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.5 Medium |
| OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header. | ||||
| CVE-2026-28447 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.1 High |
| OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files outside the intended installation directory when victims run the plugins install command. | ||||
| CVE-2026-28448 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.3 High |
| OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can mention the bot in Twitch chat to bypass access control and invoke the agent pipeline, potentially causing unintended actions or resource exhaustion. | ||||
| CVE-2026-28450 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.8 Medium |
| OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote attackers can exploit these endpoints to read sensitive profile data, modify Nostr profiles, persist malicious changes to gateway configuration, and publish signed Nostr events using the bot's private key when the gateway HTTP port is accessible beyond localhost. | ||||
| CVE-2026-28451 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.3 High |
| OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media. | ||||
| CVE-2026-28454 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.5 High |
| OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must be enabled), allowing unauthenticated HTTP POST requests to the webhook endpoint that trust attacker-controlled JSON payloads. Remote attackers can forge Telegram updates by spoofing message.from.id and chat.id fields to bypass sender allowlists and execute privileged bot commands. | ||||
| CVE-2026-28457 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 6.1 Medium |
| OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring (must be enabled) that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences like ../ or absolute paths in the name field can write files outside the sandbox workspace root directory. | ||||