CVE-2026-53851

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading ...

CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...

CVE-2026-53842

OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...

CVE-2026-53840

OpenClaw CVE-2026-53840 affects the OpenClaw MCP stack before version 2026.5.12. The issue is an information-disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. If an attacker controls or can compromise an MCP end...

PT-2026-49773

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.23 through 2026.4.23 Description An insecure file permissions issue exists in the config recovery process that restores the OpenClaw.json file with overly broad permissions. Local attackers on shared hosts can exploit...

EUVD-2026-36608

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

CVE-2026-53821

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

CVE-2026-53835

OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...

CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

CVE-2026-53826

OpenClaw is affected by an information-disclosure vulnerability in sandboxed session spawning affecting versions prior to 2026.4.26. The issue allows a sandboxed parent to reveal the real workspace path to child prompts, potentially exposing host workspace location or related memory context to ch...

PT-2026-49039

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A configuration enforcement bypass exists in Feishu dynamic-agent bindings. This issue allows authenticated senders to create or update bindings without adhering to the configured config-write...

PT-2026-49026

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

CVE-2026-53810

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

CVE-2026-53808

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

CVE-2026-53817

OpenClaw CVE-2026-53817 affects the Control UI pairing in OpenClaw, where locality validation is insufficient. This allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens, converting temporary shared access into persistent administrative ...

CVE-2026-53816

OpenClaw before 2026.5.18 is affected by an insufficient provenance validation vulnerability in node event handling. A malicious or compromised paired node can send crafted node.event messages to the gateway, allowing forging of exec lifecycle events and steering target sessions into exec-event p...

EUVD-2026-36322

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

EUVD-2026-36316

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...