Known Vulnerabilities for products from Openclaw
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openclaw".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59261 json | Not Provided | 2026-07-08 | 2026-07-09 | |
| CVE-2026-55249 json | Not Provided | 2026-06-23 | 2026-06-23 | |
| CVE-2026-53866 json | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticate... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53865 json | Not Provided | 2026-06-16 | 2026-06-18 | |
| CVE-2026-53864 json | OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows N... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53863 json | OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated gro... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53862 json | Not Provided | 2026-06-16 | 2026-06-16 | |
| CVE-2026-53861 json | OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSI... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53860 json | OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allow... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53859 json | OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons usi... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53858 json | OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could ... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53857 json | OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could ... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53856 json | OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores Open... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53855 json | OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allow... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53854 json | OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that a... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53853 json | OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execu... | Not Provided | 2026-06-16 | 2026-06-18 |
| CVE-2026-53852 json | OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated op... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53851 json | OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipe... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53850 json | OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenti... | Not Provided | 2026-06-16 | 2026-06-17 |
| CVE-2026-53849 json | OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Disco... | Not Provided | 2026-06-16 | 2026-06-18 |