Known Vulnerabilities for products from Openclaw
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openclaw".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41389 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-41331 json | Not Provided | 2026-04-21 | 2026-04-20 | |
| CVE-2026-41330 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-41329 json | Not Provided | 2026-04-21 | 2026-04-20 | |
| CVE-2026-41303 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-41302 json | Not Provided | 2026-04-21 | 2026-04-20 | |
| CVE-2026-41301 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-41300 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-41299 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-41298 json | Not Provided | 2026-04-21 | 2026-04-20 | |
| CVE-2026-40037 json | OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allow... | Not Provided | 2026-04-08 | 2026-04-13 |
| CVE-2026-35670 json | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to uni... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35669 json | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that inco... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35668 json | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read ar... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35666 json | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/ti... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35665 json | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodi... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35664 json | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recip... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35663 json | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader ... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35662 json | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message c... | Not Provided | 2026-04-10 | 2026-04-13 |
| CVE-2026-35661 json | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows atta... | Not Provided | 2026-04-10 | 2026-04-13 |