Package impact

npm / openclaw

| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41356 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation |
| CVE-2026-41348 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist |
| CVE-2026-41341 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message |
| CVE-2026-45002 | medium | 5.3 | 5.3 | 23d ago | OpenClaw: Hook mapping templates could bypass hook session-key opt-in |
| CVE-2026-44999 | medium | 5.3 | 5.3 | 23d ago | OpenClaw: Isolated cron awareness events were recorded as trusted system events |
| CVE-2026-43572 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks |
| CVE-2026-42427 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class) |
| CVE-2026-41407 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Shared-secret comparison call sites leaked length information through timing |
| CVE-2026-41374 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw runs Discord audio preflight transcription before member authorization |
| CVE-2026-41354 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders |
| CVE-2026-41351 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding |
| CVE-2026-41343 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification |
| CVE-2026-41337 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection |
| CVE-2026-41335 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability |
| CVE-2026-41332 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override |
| CVE-2026-45003 | medium | 5.0 | 5.0 | 23d ago | OpenClaw: Workspace dotenv files cannot override connector endpoint hosts |
| CVE-2026-44992 | medium | 5.0 | 5.0 | 23d ago | OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests |
| CVE-2026-42424 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration |
| CVE-2026-41393 | medium | 4.8 | 4.8 | 1mo ago | OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration |
| CVE-2026-41398 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch |
| CVE-2026-41377 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open) |
| CVE-2026-44997 | medium | 4.3 | 4.3 | 23d ago | OpenClaw's ACP child sessions inherit subagent security envelope constraints |
| CVE-2026-41910 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw: /allowlist omits owner-only enforcement for cross-channel allowlist writes |
| CVE-2026-41339 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients |
| CVE-2026-44991 | medium | 4.2 | 4.2 | 23d ago | OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners |
| CVE-2026-41403 | medium | 4.0 | 4.0 | 1mo ago | OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled |
| CVE-2026-41913 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths |
| CVE-2026-41333 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting |
| CVE-2026-43529 | low | 2.5 | 2.5 | 1mo ago | OpenClaw: TOCTOU read in exec script preflight |