ReportizFlow
Filtered by vendor Openclaw
Subscriptions
Filtered by product Openclaw
Subscriptions
Total
346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35658 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 6.5 Medium |
| OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject. | ||||
| CVE-2026-35652 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions. | ||||
| CVE-2026-35643 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 8.8 High |
| OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context. | ||||
| CVE-2026-35651 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 4.3 Medium |
| OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles. | ||||
| CVE-2026-35657 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 6.5 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint. | ||||
| CVE-2026-35663 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 8.8 High |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges. | ||||
| CVE-2026-35669 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 8.8 High |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions. | ||||
| CVE-2026-3690 | 1 Openclaw | 1 Openclaw | 2026-04-14 | N/A |
| OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311. | ||||
| CVE-2026-35656 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to bypass canvas authentication and rate-limiting protections by masquerading as loopback clients. | ||||
| CVE-2026-35655 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 5.7 Medium |
| OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions. | ||||
| CVE-2026-35654 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 5.3 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or reflection. | ||||
| CVE-2026-35653 | 1 Openclaw | 1 Openclaw | 2026-04-14 | 8.1 High |
| OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the browser.request surface to stop the running browser, close Playwright connections, and move profile directories to Trash, crossing intended privilege boundaries. | ||||
| CVE-2026-35650 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 7.5 High |
| OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsistent validation to execute arbitrary code with unintended environment variables. | ||||
| CVE-2026-35649 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access control denials and restoring previously revoked permissions. | ||||
| CVE-2026-35648 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 3.7 Low |
| OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands. | ||||
| CVE-2026-35647 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.3 Medium |
| OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message transmission. | ||||
| CVE-2026-35668 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 7.7 High |
| OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in normalizeSandboxMediaParams and missing mediaLocalRoots context to access sensitive files including API keys and configuration data outside designated sandbox roots. | ||||
| CVE-2026-35666 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 8.8 High |
| OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands. | ||||
| CVE-2026-35665 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.3 Medium |
| OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries. | ||||
| CVE-2026-35662 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 4.3 Medium |
| OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions. | ||||