Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
GHSA-6c4r-g249-wv3c Vulnerability in openclaw (GHSA-6c4r-g249-wv3c)
vulnerability in openclaw (GHSA-6c4r-g249-wv3c). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.26` or later.
GHSA-77pv-3w4q-vrj5 Authorization Flaw in openclaw (GHSA-77pv-3w4q-vrj5)
vulnerability in openclaw (GHSA-77pv-3w4q-vrj5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.27` or later.
GHSA-xr4f-mjxj-w6w5 Authorization Flaw in openclaw (GHSA-xr4f-mjxj-w6w5)
vulnerability in openclaw (GHSA-xr4f-mjxj-w6w5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.4` or later.
GHSA-hcm3-8f6r-6xwg Vulnerability in openclaw (GHSA-hcm3-8f6r-6xwg)
vulnerability in openclaw (GHSA-hcm3-8f6r-6xwg). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
GHSA-grc3-2j34-p6gm Vulnerability in openclaw (GHSA-grc3-2j34-p6gm)
vulnerability in openclaw (GHSA-grc3-2j34-p6gm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.2` or later.
GHSA-w4v6-g3wm-w36c Authorization Flaw in openclaw (GHSA-w4v6-g3wm-w36c)
vulnerability in openclaw (GHSA-w4v6-g3wm-w36c). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
GHSA-gp79-m99v-gjmh Vulnerability in openclaw (GHSA-gp79-m99v-gjmh)
vulnerability in openclaw (GHSA-gp79-m99v-gjmh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
GHSA-qjpc-qf9m-xwmr Vulnerability in openclaw (GHSA-qjpc-qf9m-xwmr)
vulnerability in openclaw (GHSA-qjpc-qf9m-xwmr). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.admin``. Mitigation: upgrade to `2026.5.18` or later.
GHSA-c29c-2q9c-pc86 Vulnerability in openclaw (GHSA-c29c-2q9c-pc86)
vulnerability in openclaw (GHSA-c29c-2q9c-pc86). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.3` or later.
CVE-2026-13743 Vulnerability in cisa (CVE-2026-13743)
vulnerability in cisa (CVE-2026-13743). Risk of unauthorized operations or information disclosure.
GHSA-cqwv-9qjx-vxw2 Vulnerability in openclaw (GHSA-cqwv-9qjx-vxw2)
vulnerability in openclaw (GHSA-cqwv-9qjx-vxw2). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
GHSA-jvm4-4j77-39p6 Authorization Flaw in openclaw (GHSA-jvm4-4j77-39p6)
vulnerability in openclaw (GHSA-jvm4-4j77-39p6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
GHSA-83w9-h5wv-j9xm Vulnerability in openclaw (GHSA-83w9-h5wv-j9xm)
vulnerability in openclaw (GHSA-83w9-h5wv-j9xm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.27` or later.
GHSA-wv26-j37q-2g7p Authorization Flaw in openclaw (GHSA-wv26-j37q-2g7p)
vulnerability in openclaw (GHSA-wv26-j37q-2g7p). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
GHSA-p2fh-f5fc-44hr Vulnerability in openclaw (GHSA-p2fh-f5fc-44hr)
vulnerability in openclaw (GHSA-p2fh-f5fc-44hr). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-58455 OS Command Injection in CVE-2026-58455 (CVE-2026-58455)
OS command injection in CVE-2026-58455 (CVE-2026-58455). Successful exploitation can lead to full system takeover.
CVE-2026-44941 Vulnerability in path-traversal (CVE-2026-44941)
vulnerability in path-traversal (CVE-2026-44941). Successful exploitation can lead to full system takeover.
GHSA-hw9r-h9mr-4jff Vulnerability in openclaw (GHSA-hw9r-h9mr-4jff)
vulnerability in openclaw (GHSA-hw9r-h9mr-4jff). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.approvals``. Mitigation: upgrade to `2026.5.18` or later.
GHSA-mhq8-78pj-5j79 OS Command Injection in openclaw (GHSA-mhq8-78pj-5j79)
OS command injection in openclaw (GHSA-mhq8-78pj-5j79). Risk of unauthorized operations or information disclosure. Exploitable via ``system.run``. Mitigation: upgrade to `2026.5.18` or later.
GHSA-mgq6-vr84-7m2j Vulnerability in openclaw (GHSA-mgq6-vr84-7m2j)
vulnerability in openclaw (GHSA-mgq6-vr84-7m2j). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
GHSA-rggc-m335-3wvj Privilege Escalation in openclaw (GHSA-rggc-m335-3wvj)
vulnerability in openclaw (GHSA-rggc-m335-3wvj). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
GHSA-2j8v-hwgc-x698 Vulnerability in Openclaw (GHSA-2j8v-hwgc-x698)
vulnerability in Openclaw (GHSA-2j8v-hwgc-x698). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
GHSA-qh2f-99mv-mrcf OS Command Injection in openclaw (GHSA-qh2f-99mv-mrcf)
OS command injection in openclaw (GHSA-qh2f-99mv-mrcf). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
GHSA-xww8-gqvh-92x9 Vulnerability in openclaw (GHSA-xww8-gqvh-92x9)
vulnerability in openclaw (GHSA-xww8-gqvh-92x9). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
CVE-2026-56842 Authorization Flaw in ui (CVE-2026-56842)
vulnerability in ui (CVE-2026-56842). Successful exploitation can lead to full system takeover.
CVE-2026-9272 SQL Injection in progress (CVE-2026-9272)
SQL injection in progress (CVE-2026-9272). Confidential information can be exposed externally.
CVE-2026-8079 Authorization Flaw in progress (CVE-2026-8079)
vulnerability in progress (CVE-2026-8079). Confidential information can be exposed externally.
CVE-2026-55116 Vulnerability in CVE-2026-55116 (CVE-2026-55116)
vulnerability in CVE-2026-55116 (CVE-2026-55116). Successful exploitation can lead to full system takeover.
CVE-2026-55119 Vulnerability in CVE-2026-55119 (CVE-2026-55119)
vulnerability in CVE-2026-55119 (CVE-2026-55119). Confidential information can be exposed externally.
CVE-2026-56841 SQL Injection in sqli (CVE-2026-56841)
SQL injection in sqli (CVE-2026-56841). Successful exploitation can lead to full system takeover.
CVE-2026-55118 Vulnerability in ui (CVE-2026-55118)
vulnerability in ui (CVE-2026-55118). Data can be tampered with by attackers.
CVE-2026-55117 Path Traversal in path-traversal (CVE-2026-55117)
path traversal in path-traversal (CVE-2026-55117). Confidential information can be exposed externally.
CVE-2026-56004 OS Command Injection in CVE-2026-56004 (CVE-2026-56004)
OS command injection in CVE-2026-56004 (CVE-2026-56004). Successful exploitation can lead to full system takeover.
CVE-2026-55114 Vulnerability in ui (CVE-2026-55114)
vulnerability in ui (CVE-2026-55114). Successful exploitation can lead to full system takeover.
CVE-2026-55113 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55113)
SSRF in ssrf (CVE-2026-55113). Risk of unauthorized operations or information disclosure.
CVE-2026-55115 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
CVE-2026-55112 Vulnerability in CVE-2026-55112 (CVE-2026-55112)
vulnerability in CVE-2026-55112 (CVE-2026-55112). Successful exploitation can lead to full system takeover.
CVE-2026-54408 Vulnerability in ui (CVE-2026-54408)
vulnerability in ui (CVE-2026-54408). Confidential information can be exposed externally.
CVE-2026-55111 Path Traversal in path-traversal (CVE-2026-55111)
path traversal in path-traversal (CVE-2026-55111). Confidential information can be exposed externally.
CVE-2026-55110 Vulnerability in CVE-2026-55110 (CVE-2026-55110)
vulnerability in CVE-2026-55110 (CVE-2026-55110). Successful exploitation can lead to full system takeover.
CVE-2026-54409 Vulnerability in ui (CVE-2026-54409)
vulnerability in ui (CVE-2026-54409). Successful exploitation can lead to full system takeover.
CVE-2026-54407 Vulnerability in ui (CVE-2026-54407)
vulnerability in ui (CVE-2026-54407). Risk of unauthorized operations or information disclosure.
CVE-2026-50747 SQL Injection in sqli (CVE-2026-50747)
SQL injection in sqli (CVE-2026-50747). Successful exploitation can lead to full system takeover.
CVE-2026-54400 Vulnerability in CVE-2026-54400 (CVE-2026-54400)
vulnerability in CVE-2026-54400 (CVE-2026-54400). Successful exploitation can lead to full system takeover.
CVE-2026-53357 Vulnerability in CVE-2026-53357 (CVE-2026-53357)
vulnerability in CVE-2026-53357 (CVE-2026-53357). Risk of unauthorized operations or information disclosure.
CVE-2026-54404 SQL Injection in sqli (CVE-2026-54404)
SQL injection in sqli (CVE-2026-54404). Successful exploitation can lead to full system takeover.
CVE-2026-54403 Path Traversal in path-traversal (CVE-2026-54403)
path traversal in path-traversal (CVE-2026-54403). Confidential information can be exposed externally.
CVE-2026-54401 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54401)
SSRF in ssrf (CVE-2026-54401). Confidential information can be exposed externally.
CVE-2026-5524 Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
CVE-2026-53358 Vulnerability in CVE-2026-53358 (CVE-2026-53358)
vulnerability in CVE-2026-53358 (CVE-2026-53358). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →