openclaw
npm355 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting openclawpage 3 of 8
- CVE-2026-35621MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization po…
- CVE-2026-35622MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authenticati…
- CVE-2026-35623MEDIUMCVSS 4.8EG 4.82026-04-09
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password gu…
- CVE-2026-35624MEDIUMCVSS 4.2EG 4.2✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain un…
- CVE-2026-35625HIGHCVSS 7.8EG 7.82026-04-09
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can e…
- CVE-2026-35626MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to …
- CVE-2026-35627MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending c…
- CVE-2026-35628MEDIUMCVSS 4.8EG 4.82026-04-09
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without thrott…
- CVE-2026-35629HIGHCVSS 7.4EG 7.4✓ Fixed in 2026.3.282026-04-09
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against co…
- CVE-2026-35630HIGHCVSS 8.0EG 8.0✓ Fixed in 2026.5.182026-05-29
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin a…
- CVE-2026-35632HIGHCVSS 7.1EG 7.12026-04-09
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks …
- CVE-2026-35633MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large b…
- CVE-2026-35634MEDIUMCVSS 5.1EG 5.1✓ Fixed in 2026.3.232026-04-09
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers …
- CVE-2026-35635MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or d…
- CVE-2026-35636MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.282026-04-09
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this …
- CVE-2026-35637HIGHCVSS 7.3EG 7.3✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or ma…
- CVE-2026-35639HIGHCVSS 8.8EG 8.8✓ Fixed in 2026.3.222026-04-09
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually h…
- CVE-2026-35640MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.282026-04-09
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger d…
- CVE-2026-35641HIGHCVSS 7.8EG 7.8✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install…
- CVE-2026-35642MEDIUMCVSS 4.3EG 4.32026-04-09
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible syste…
- CVE-2026-35643HIGHCVSS 8.8EG 8.8✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android appl…
- CVE-2026-35645HIGHCVSS 8.1EG 8.1✓ Fixed in 2026.3.282026-04-09
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session del…
- CVE-2026-35646MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2026.3.282026-04-09
OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are reje…
- CVE-2026-35647MEDIUMCVSS 5.3EG 5.32026-04-10
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by …
- CVE-2026-35648LOWCVSS 3.7EG 3.7✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tighte…
- CVE-2026-35649MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset du…
- CVE-2026-35650HIGHCVSS 7.5EG 7.5✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malforme…
- CVE-2026-35651MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2026.3.282026-04-10
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approva…
- CVE-2026-35652MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callb…
- CVE-2026-35653HIGHCVSS 8.1EG 8.1✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attack…
- CVE-2026-35654MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.282026-04-10
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endp…
- CVE-2026-35655MEDIUMCVSS 5.7EG 5.7✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to s…
- CVE-2026-35656MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding …
- CVE-2026-35657MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.252026-04-10
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissio…
- CVE-2026-35658MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.3.22026-04-10
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that o…
- CVE-2026-35659MEDIUMCVSS 4.6EG 4.6✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing…
- CVE-2026-35660HIGHCVSS 8.1EG 8.1✓ Fixed in 2026.3.232026-04-10
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can i…
- CVE-2026-35661MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.282026-04-10
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weak…
- CVE-2026-35662MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to com…
- CVE-2026-35663HIGHCVSS 8.8EG 8.82026-04-10
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining…
- CVE-2026-35664MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.282026-04-10
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and…
- CVE-2026-35665MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker …
- CVE-2026-35666HIGHCVSS 8.8EG 8.8✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse a…
- CVE-2026-35667MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers…
- CVE-2026-35668HIGHCVSS 7.7EG 7.7✓ Fixed in 2026.3.242026-04-10
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exp…
- CVE-2026-35669HIGHCVSS 8.8EG 8.82026-04-10
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope bo…
- CVE-2026-35670MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2026.3.222026-04-10
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can ma…
- CVE-2026-35674HIGHCVSS 8.8EG 8.8✓ Fixed in 2026.5.182026-05-29
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external r…
- CVE-2026-3690HIGHCVSS 7.4EG 7.4✓ Fixed in 2026.2.192026-04-11
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific fla…
- CVE-2026-40037MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2026.4.82026-04-08
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redir…
Check whether openclaw is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for openclaw CVEs against the assets you own.
Start Free Scan →