Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Cvelist
Cvelistadded 2026/06/12 9:56 p.m.29 views

CVE-2026-53828 OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...

8.8CVSS0.00267EPSS
Exploits0References2
NVD
NVDadded 2026/05/06 8:16 p.m.4 views

CVE-2026-43578

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

9.1CVSS0.00288EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/05 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/24 12:31 a.m.3 views

EUVD-2026-25345

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

7.1CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/29 12:0 a.m.7 views

PT-2026-28499

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description The software embeds long-lived shared gateway credentials directly within pairing setup codes. These codes are generated by the /pair API endpoint and the OpenClaw qr command. If setup codes are...

8.6CVSS5.9AI score0.00246EPSS
Exploits0References5
OSV
OSVadded 2026/03/21 1:17 a.m.3 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

5.5CVSS5.9AI score
Exploits0References3
CVE
CVEadded 2026/03/19 1:0 a.m.15 views

CVE-2026-31995

OpenClaw is affected: versions 2026.1.21 up to 2026.2.18 include a command injection in the Lobster extension’s Windows shell fallback mechanism. When spawn failures trigger shell: true and arguments are provided by the workflow, cmd.exe command interpretation can be exploited to execute arbitrar...

7CVSS6AI score0.00525EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/21 1:28 a.m.6 views

CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

7.6CVSS5.7AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder