Known Vulnerabilities for products from Openclaw
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openclaw".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45006 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45005 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45004 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45003 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45002 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45001 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45000 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44999 | | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-44998 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44997 | | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44118 | OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. N... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44117 | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL va... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44116 | OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that f... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44115 | OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted hered... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44114 | OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv f... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44113 | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows ... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44112 | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that all... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44111 | OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows ca... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44110 | OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that tr... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-44109 | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that a... | Not Provided | 2026-05-06 | 2026-05-07 |