| CVE | Severity | Score | Score | Project | Age | Summary |
|---|---|---|---|---|---|---|
| CVE-2026-8305 | critical | 9.8 | 9.8 | openclaw | 23d ago | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… |
| CVE-2026-44996 | low | 3.7 | 3.7 | openclaw | 23d ago | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… |
| CVE-2026-44112 | critical | 9.6 | 9.6 | openclaw | 28d ago | OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root |
| CVE-2026-44109 | critical | 9.8 | 9.8 | openclaw | 28d ago | OpenClaw: Feishu webhook and card-action validation now fail closed |
| CVE-2026-43585 | critical | 9.8 | 9.8 | openclaw | 28d ago | OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation |
| CVE-2026-43581 | critical | 9.6 | 9.6 | openclaw | 28d ago | OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools proto… |
| CVE-2026-43578 | critical | 9.1 | 9.1 | openclaw | 28d ago | OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can… |
| CVE-2026-43575 | critical | 9.8 | 9.8 | openclaw | 28d ago | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can acces… |
| CVE-2026-43566 | critical | 9.8 | 9.8 | openclaw | 1mo ago | OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events |
| CVE-2026-43534 | critical | 9.8 | 9.8 | openclaw | 1mo ago | OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input |
| CVE-2026-43529 | low | 2.5 | 2.5 | openclaw | 1mo ago | OpenClaw: TOCTOU read in exec script preflight |
| CVE-2026-43526 | critical | 9.3 | 9.3 | openclaw | 1mo ago | OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes |
| CVE-2026-41913 | low | 3.7 | 3.7 | openclaw | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths |
| CVE-2026-41397 | critical | 9.6 | 9.6 | openclaw | 1mo ago | OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal |
| CVE-2026-41386 | critical | 9.8 | 9.8 | openclaw | 1mo ago | OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing |
| CVE-2026-41357 | low | 3.3 | 3.3 | openclaw | 1mo ago | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… |
| CVE-2026-41333 | low | 3.7 | 3.7 | openclaw | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting |
| CVE-2026-28474 | critical | 9.8 | 9.8 | openclaw | 3mo ago | Nextcloud Talk allowlist bypass via actor.name display name spoofing |
| CVE-2026-28395 | critical | 9.1 | 9.1 | openclaw | 3mo ago | OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback |