
7 matches found

NVD, added 2026/05/06 8:16 p.m.

CVE-2026-43578

OpenClaw versions from 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

CVSS 9.1, EPSS 0.00074, Exploits 0, References 3
CNNVD, added 2026/05/05 12:00 a.m.

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contain a security vulnerability stemming from a bypass of the plugin trust mechanism, which allows attackers to circumvent the expected trust levels when...

CVSS 8.8, AI score 5.8, EPSS 0.00047, Exploits 0, References 1
EUVD, added 2026/04/24 12:31 a.m.

EUVD-2026-25345

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS 7.1, AI score 5.8, EPSS 0.0005, Exploits 0, References 3
Positive Technologies, added 2026/03/29 12:00 a.m.

PT-2026-28499

Vulnerable software and affected versions: OpenClaw versions prior to 2026.3.12
Description: The software embeds long-lived shared gateway credentials directly within pairing setup codes. These codes are generated by the /pair API endpoint and the OpenClaw qr command. If setup codes are...

CVSS 8.6, AI score 5.9, EPSS 0.00048, Exploits 0, References 5
OSV, added 2026/03/21 1:17 a.m.

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

CVSS 5.5, AI score 5.9, Exploits 0, References 3
CVE, added 2026/03/19 1:00 a.m.

CVE-2026-31995

CVE-2026-31995 affects OpenClaw 2026.1.21 and earlier, where the Lobster extension’s Windows shell fallback can be tricked into executing arbitrary commands. When a spawn failure triggers shell: true, an attacker can influence workflow arguments to cause cmd.exe command interpretation, enabling l...

CVSS 7, AI score 6, EPSS 0.00039, Exploits 0, References 3, Affected software 1
RedhatCVE, added 2026/02/21 1:28 a.m.

CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

CVSS 7.6, AI score 5.7, EPSS 0.00019, Exploits 0, References 1