| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44996 | low | 3.7 | 3.7 | | | openclaw | 23d ago | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… |
| CVE-2026-43529 | low | 2.5 | 2.5 | | | openclaw | 1mo ago | OpenClaw: TOCTOU read in exec script preflight |
| CVE-2026-41913 | low | 3.7 | 3.7 | | | openclaw | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths |
| CVE-2026-41357 | low | 3.3 | 3.3 | | | openclaw | 1mo ago | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… |
| CVE-2026-41333 | low | 3.7 | 3.7 | | | openclaw | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting |