CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/28 12:0 a.m.•1 views

PT-2026-35787

8.8CVSS5.3AI score0.00114EPSS

Exploits0References6

Vulnrichment•added 2026/04/23 9:57 p.m.•1 views

CVE-2026-41335 OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON

OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and...

6.9CVSS5.2AI score0.00041EPSS

CNNVD•added 2026/04/09 12:0 a.m.•3 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the Control UI, which allowed unauthenticated sessions to retain the scope of privileges granted by...

8.8CVSS5.8AI score0.00056EPSS

RedhatCVE•added 2026/03/26 3:11 p.m.•0 views

CVE-2026-32020

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

5.5CVSS5.9AI score0.0002EPSS

Exploits0References1

OSV•added 2026/03/21 3:31 a.m.•3 views

GHSA-XH9J-MPC9-2M9P Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...

EUVD•added 2026/03/21 12:42 a.m.•1 views

EUVD-2026-13960

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

Cvelist•added 2026/03/21 12:42 a.m.•23 views

CVE-2026-32057 OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

7.1CVSS0.00094EPSS

ATTACKERKB•added 2026/03/21 12:42 a.m.•0 views

CVE-2026-32057

Positive Technologies•added 2026/03/21 12:0 a.m.•1 views

PT-2026-26739

OSV•added 2026/03/19 10:16 p.m.•3 views

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.8CVSS5.9AI score

NVD•added 2026/03/19 10:16 p.m.•1 views

CVE-2026-32034

8.1CVSS0.00114EPSS

OSV•added 2026/03/19 10:16 p.m.•1 views

CVE-2026-32020

3.3CVSS6AI score

ATTACKERKB•added 2026/03/19 10:7 p.m.•0 views

CVE-2026-32034

6.8CVSS5.8AI score0.00114EPSS

CVE•added 2026/03/19 10:7 p.m.•3 views

CVE-2026-32034

OpenClaw has an authentication bypass in the Control UI for versions prior to 2026.2.21 when allowInsecureAuth is enabled and the gateway is exposed over plaintext HTTP. An attacker with leaked credentials can obtain high-privilege Control UI access due to lack of secure authentication over unenc...

8.1CVSS5.8AI score0.00114EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/19 10:7 p.m.•18 views

CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

8.1CVSS0.00114EPSS

Vulnrichment•added 2026/03/19 10:6 p.m.•3 views

CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

4.8CVSS5.9AI score0.0002EPSS