Package impact
NPM / openclaw
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41913 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths | |||
| CVE-2026-41333 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | |||
| CVE-2026-43529 | low | 2.5 | 2.5 | 1mo ago | OpenClaw: TOCTOU read in exec script preflight |