Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| GHSA-6c4r-g249-wv3c |
|
Vulnerability in openclaw (GHSA-6c4r-g249-wv3c)
vulnerability in openclaw (GHSA-6c4r-g249-wv3c). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.26` or later.
|
| GHSA-77pv-3w4q-vrj5 |
|
Authorization Flaw in openclaw (GHSA-77pv-3w4q-vrj5)
vulnerability in openclaw (GHSA-77pv-3w4q-vrj5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.27` or later.
|
| GHSA-xr4f-mjxj-w6w5 |
|
Authorization Flaw in openclaw (GHSA-xr4f-mjxj-w6w5)
vulnerability in openclaw (GHSA-xr4f-mjxj-w6w5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.4` or later.
|
| GHSA-hcm3-8f6r-6xwg |
|
Vulnerability in openclaw (GHSA-hcm3-8f6r-6xwg)
vulnerability in openclaw (GHSA-hcm3-8f6r-6xwg). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
|
| GHSA-grc3-2j34-p6gm |
|
Vulnerability in openclaw (GHSA-grc3-2j34-p6gm)
vulnerability in openclaw (GHSA-grc3-2j34-p6gm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.2` or later.
|
| GHSA-w4v6-g3wm-w36c |
|
Authorization Flaw in openclaw (GHSA-w4v6-g3wm-w36c)
vulnerability in openclaw (GHSA-w4v6-g3wm-w36c). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
|
| GHSA-gp79-m99v-gjmh |
|
Vulnerability in openclaw (GHSA-gp79-m99v-gjmh)
vulnerability in openclaw (GHSA-gp79-m99v-gjmh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
|
| GHSA-qjpc-qf9m-xwmr |
|
Vulnerability in openclaw (GHSA-qjpc-qf9m-xwmr)
vulnerability in openclaw (GHSA-qjpc-qf9m-xwmr). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.admin``. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-c29c-2q9c-pc86 |
|
Vulnerability in openclaw (GHSA-c29c-2q9c-pc86)
vulnerability in openclaw (GHSA-c29c-2q9c-pc86). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.3` or later.
|
| CVE-2026-13743 |
|
Vulnerability in cisa (CVE-2026-13743)
vulnerability in cisa (CVE-2026-13743). Risk of unauthorized operations or information disclosure.
|
| GHSA-cqwv-9qjx-vxw2 |
|
Vulnerability in openclaw (GHSA-cqwv-9qjx-vxw2)
vulnerability in openclaw (GHSA-cqwv-9qjx-vxw2). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
|
| GHSA-jvm4-4j77-39p6 |
|
Authorization Flaw in openclaw (GHSA-jvm4-4j77-39p6)
vulnerability in openclaw (GHSA-jvm4-4j77-39p6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.29` or later.
|
| GHSA-83w9-h5wv-j9xm |
|
Vulnerability in openclaw (GHSA-83w9-h5wv-j9xm)
vulnerability in openclaw (GHSA-83w9-h5wv-j9xm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.27` or later.
|
| GHSA-wv26-j37q-2g7p |
|
Authorization Flaw in openclaw (GHSA-wv26-j37q-2g7p)
vulnerability in openclaw (GHSA-wv26-j37q-2g7p). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| GHSA-p2fh-f5fc-44hr |
|
Vulnerability in openclaw (GHSA-p2fh-f5fc-44hr)
vulnerability in openclaw (GHSA-p2fh-f5fc-44hr). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-58455 |
|
OS Command Injection in CVE-2026-58455 (CVE-2026-58455)
OS command injection in CVE-2026-58455 (CVE-2026-58455). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44941 |
|
Vulnerability in path-traversal (CVE-2026-44941)
vulnerability in path-traversal (CVE-2026-44941). Successful exploitation can lead to full system takeover.
|
| GHSA-hw9r-h9mr-4jff |
|
Vulnerability in openclaw (GHSA-hw9r-h9mr-4jff)
vulnerability in openclaw (GHSA-hw9r-h9mr-4jff). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.approvals``. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-mhq8-78pj-5j79 |
|
OS Command Injection in openclaw (GHSA-mhq8-78pj-5j79)
OS command injection in openclaw (GHSA-mhq8-78pj-5j79). Risk of unauthorized operations or information disclosure. Exploitable via ``system.run``. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-mgq6-vr84-7m2j |
|
Vulnerability in openclaw (GHSA-mgq6-vr84-7m2j)
vulnerability in openclaw (GHSA-mgq6-vr84-7m2j). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-rggc-m335-3wvj |
|
Privilege Escalation in openclaw (GHSA-rggc-m335-3wvj)
vulnerability in openclaw (GHSA-rggc-m335-3wvj). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-2j8v-hwgc-x698 |
|
Vulnerability in Openclaw (GHSA-2j8v-hwgc-x698)
vulnerability in Openclaw (GHSA-2j8v-hwgc-x698). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
|
| GHSA-qh2f-99mv-mrcf |
|
OS Command Injection in openclaw (GHSA-qh2f-99mv-mrcf)
OS command injection in openclaw (GHSA-qh2f-99mv-mrcf). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| GHSA-xww8-gqvh-92x9 |
|
Vulnerability in openclaw (GHSA-xww8-gqvh-92x9)
vulnerability in openclaw (GHSA-xww8-gqvh-92x9). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-56842 |
|
Authorization Flaw in ui (CVE-2026-56842)
vulnerability in ui (CVE-2026-56842). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9272 |
|
SQL Injection in progress (CVE-2026-9272)
SQL injection in progress (CVE-2026-9272). Confidential information can be exposed externally.
|
| CVE-2026-8079 |
|
Authorization Flaw in progress (CVE-2026-8079)
vulnerability in progress (CVE-2026-8079). Confidential information can be exposed externally.
|
| CVE-2026-55116 |
|
Vulnerability in CVE-2026-55116 (CVE-2026-55116)
vulnerability in CVE-2026-55116 (CVE-2026-55116). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55119 |
|
Vulnerability in CVE-2026-55119 (CVE-2026-55119)
vulnerability in CVE-2026-55119 (CVE-2026-55119). Confidential information can be exposed externally.
|
| CVE-2026-56841 |
|
SQL Injection in sqli (CVE-2026-56841)
SQL injection in sqli (CVE-2026-56841). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55118 |
|
Vulnerability in ui (CVE-2026-55118)
vulnerability in ui (CVE-2026-55118). Data can be tampered with by attackers.
|
| CVE-2026-55117 |
|
Path Traversal in path-traversal (CVE-2026-55117)
path traversal in path-traversal (CVE-2026-55117). Confidential information can be exposed externally.
|
| CVE-2026-56004 |
|
OS Command Injection in CVE-2026-56004 (CVE-2026-56004)
OS command injection in CVE-2026-56004 (CVE-2026-56004). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55114 |
|
Vulnerability in ui (CVE-2026-55114)
vulnerability in ui (CVE-2026-55114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55113 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55113)
SSRF in ssrf (CVE-2026-55113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55115 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55112 |
|
Vulnerability in CVE-2026-55112 (CVE-2026-55112)
vulnerability in CVE-2026-55112 (CVE-2026-55112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54408 |
|
Vulnerability in ui (CVE-2026-54408)
vulnerability in ui (CVE-2026-54408). Confidential information can be exposed externally.
|
| CVE-2026-55111 |
|
Path Traversal in path-traversal (CVE-2026-55111)
path traversal in path-traversal (CVE-2026-55111). Confidential information can be exposed externally.
|
| CVE-2026-55110 |
|
Vulnerability in CVE-2026-55110 (CVE-2026-55110)
vulnerability in CVE-2026-55110 (CVE-2026-55110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54409 |
|
Vulnerability in ui (CVE-2026-54409)
vulnerability in ui (CVE-2026-54409). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54407 |
|
Vulnerability in ui (CVE-2026-54407)
vulnerability in ui (CVE-2026-54407). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50747 |
|
SQL Injection in sqli (CVE-2026-50747)
SQL injection in sqli (CVE-2026-50747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54400 |
|
Vulnerability in CVE-2026-54400 (CVE-2026-54400)
vulnerability in CVE-2026-54400 (CVE-2026-54400). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53357 |
|
Vulnerability in CVE-2026-53357 (CVE-2026-53357)
vulnerability in CVE-2026-53357 (CVE-2026-53357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54404 |
|
SQL Injection in sqli (CVE-2026-54404)
SQL injection in sqli (CVE-2026-54404). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54403 |
|
Path Traversal in path-traversal (CVE-2026-54403)
path traversal in path-traversal (CVE-2026-54403). Confidential information can be exposed externally.
|
| CVE-2026-54401 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54401)
SSRF in ssrf (CVE-2026-54401). Confidential information can be exposed externally.
|
| CVE-2026-5524 |
|
Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53358 |
|
Vulnerability in CVE-2026-53358 (CVE-2026-53358)
vulnerability in CVE-2026-53358 (CVE-2026-53358). Risk of unauthorized operations or information disclosure.
|