ReportizFlow
Filtered by vendor Openclaw
Subscriptions
Total
347 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28446 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 9.4 Critical |
| OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools. | ||||
| CVE-2026-28465 | 1 Openclaw | 2 Openclaw, Voice-call | 2026-04-16 | 5.9 Medium |
| OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-* headers in reverse-proxy configurations that implicitly trust these headers. | ||||
| CVE-2026-35635 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 4.8 Medium |
| OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts. | ||||
| CVE-2026-35628 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 4.8 Medium |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks. | ||||
| CVE-2026-35629 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 7.4 High |
| OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources. | ||||
| CVE-2026-35640 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 5.3 Medium |
| OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection. | ||||
| CVE-2026-35633 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 5.3 Medium |
| OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs. | ||||
| CVE-2026-35642 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 4.3 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted. | ||||
| CVE-2026-35646 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 4.8 Medium |
| OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests. | ||||
| CVE-2026-34425 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 5.4 Medium |
| OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked. | ||||
| CVE-2026-34512 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 8.1 High |
| OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions. | ||||
| CVE-2026-35626 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 5.3 Medium |
| OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation. | ||||
| CVE-2026-35631 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 6.5 Medium |
| OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates. | ||||
| CVE-2026-35632 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 7.1 High |
| OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to arbitrary files, enabling remote code execution via crontab injection or unauthorized access via SSH key manipulation. | ||||
| CVE-2026-35637 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 7.3 High |
| OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs. | ||||
| CVE-2026-35638 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 8.8 High |
| OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements. | ||||
| CVE-2026-35639 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 8.8 High |
| OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure. | ||||
| CVE-2026-35644 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components. | ||||
| CVE-2026-35641 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 7.8 High |
| OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file. | ||||
| CVE-2026-35670 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 5.9 Medium |
| OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events. | ||||