Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: openclaw Clear
ID Title
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53863 Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53862 Privilege Escalation in openclaw (CVE-2026-53862)
vulnerability in openclaw (CVE-2026-53862). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53861 Vulnerability in openclaw (CVE-2026-53861)
vulnerability in openclaw (CVE-2026-53861). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53856 Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53858 Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53859 Vulnerability in openclaw (CVE-2026-53859)
vulnerability in openclaw (CVE-2026-53859). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.26` or later.
CVE-2026-53860 Authorization Flaw in openclaw (CVE-2026-53860)
vulnerability in openclaw (CVE-2026-53860). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53854 Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53852 Vulnerability in openclaw (CVE-2026-53852)
vulnerability in openclaw (CVE-2026-53852). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53851 Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53850 Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53844 Vulnerability in openclaw (CVE-2026-53844)
vulnerability in openclaw (CVE-2026-53844). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53845 Vulnerability in openclaw (CVE-2026-53845)
vulnerability in openclaw (CVE-2026-53845). Risk of unauthorized operations or information disclosure. Exploitable via ``runBeforeToolCallHook``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53847 Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53848 OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53841 Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53840 Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53839 Vulnerability in openclaw (CVE-2026-53839)
vulnerability in openclaw (CVE-2026-53839). Confidential information can be exposed externally.
CVE-2026-53838 Vulnerability in openclaw (CVE-2026-53838)
vulnerability in openclaw (CVE-2026-53838). Successful exploitation can lead to full system takeover.
CVE-2026-53837 Vulnerability in openclaw (CVE-2026-53837)
vulnerability in openclaw (CVE-2026-53837). Risk of unauthorized operations or information disclosure.
CVE-2026-53836 Vulnerability in openclaw (CVE-2026-53836)
vulnerability in openclaw (CVE-2026-53836). Successful exploitation can lead to full system takeover.
CVE-2026-53835 Authorization Flaw in openclaw (CVE-2026-53835)
vulnerability in openclaw (CVE-2026-53835). Risk of unauthorized operations or information disclosure.
CVE-2026-53834 Authorization Flaw in openclaw (CVE-2026-53834)
vulnerability in openclaw (CVE-2026-53834). Data can be tampered with by attackers.
CVE-2026-53831 Vulnerability in openclaw (CVE-2026-53831)
vulnerability in openclaw (CVE-2026-53831). Confidential information can be exposed externally.
CVE-2026-53827 SSRF (Server-Side Request Forgery) in openclaw (CVE-2026-53827)
SSRF in openclaw (CVE-2026-53827). Confidential information can be exposed externally.
CVE-2026-53828 Authorization Flaw in openclaw (CVE-2026-53828)
vulnerability in openclaw (CVE-2026-53828). Successful exploitation can lead to full system takeover.
CVE-2026-53829 Vulnerability in openclaw (CVE-2026-53829)
vulnerability in openclaw (CVE-2026-53829). Successful exploitation can lead to full system takeover.
CVE-2026-53830 Vulnerability in openclaw (CVE-2026-53830)
vulnerability in openclaw (CVE-2026-53830). Data can be tampered with by attackers.
CVE-2026-53833 Vulnerability in openclaw (CVE-2026-53833)
vulnerability in openclaw (CVE-2026-53833). Confidential information can be exposed externally.
CVE-2026-53826 Vulnerability in c (CVE-2026-53826)
vulnerability in c (CVE-2026-53826). Risk of unauthorized operations or information disclosure.
CVE-2026-53825 Path Traversal in openclaw (CVE-2026-53825)
path traversal in openclaw (CVE-2026-53825). Confidential information can be exposed externally.
CVE-2026-53824 Vulnerability in openclaw (CVE-2026-53824)
vulnerability in openclaw (CVE-2026-53824). Data can be tampered with by attackers.
CVE-2026-53823 Vulnerability in privilege-escalation (CVE-2026-53823)
vulnerability in privilege-escalation (CVE-2026-53823). Confidential information can be exposed externally.
CVE-2026-53822 Command Injection in openclaw (CVE-2026-53822)
command injection in openclaw (CVE-2026-53822). Successful exploitation can lead to full system takeover.
CVE-2026-53821 Vulnerability in openclaw (CVE-2026-53821)
vulnerability in openclaw (CVE-2026-53821). Successful exploitation can lead to full system takeover.
CVE-2026-53820 Vulnerability in openclaw (CVE-2026-53820)
vulnerability in openclaw (CVE-2026-53820). Data can be tampered with by attackers.
CVE-2026-53807 Authorization Flaw in openclaw (CVE-2026-53807)
vulnerability in openclaw (CVE-2026-53807). Successful exploitation can lead to full system takeover.
CVE-2026-53808 Authorization Flaw in openclaw (CVE-2026-53808)
vulnerability in openclaw (CVE-2026-53808). Data can be tampered with by attackers.
CVE-2026-53818 Vulnerability in openclaw (CVE-2026-53818)
vulnerability in openclaw (CVE-2026-53818). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.24` or later.
CVE-2026-53819 Vulnerability in openclaw (CVE-2026-53819)
vulnerability in openclaw (CVE-2026-53819). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.27` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →