Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-53863 |
|
Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53862 |
|
Privilege Escalation in openclaw (CVE-2026-53862)
vulnerability in openclaw (CVE-2026-53862). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53861 |
|
Vulnerability in openclaw (CVE-2026-53861)
vulnerability in openclaw (CVE-2026-53861). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53856 |
|
Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53858 |
|
Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53859 |
|
Vulnerability in openclaw (CVE-2026-53859)
vulnerability in openclaw (CVE-2026-53859). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.26` or later.
|
| CVE-2026-53860 |
|
Authorization Flaw in openclaw (CVE-2026-53860)
vulnerability in openclaw (CVE-2026-53860). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53854 |
|
Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53852 |
|
Vulnerability in openclaw (CVE-2026-53852)
vulnerability in openclaw (CVE-2026-53852). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53851 |
|
Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53850 |
|
Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53844 |
|
Vulnerability in openclaw (CVE-2026-53844)
vulnerability in openclaw (CVE-2026-53844). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53845 |
|
Vulnerability in openclaw (CVE-2026-53845)
vulnerability in openclaw (CVE-2026-53845). Risk of unauthorized operations or information disclosure. Exploitable via ``runBeforeToolCallHook``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53847 |
|
Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53848 |
|
OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53841 |
|
Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53840 |
|
Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53839 |
|
Vulnerability in openclaw (CVE-2026-53839)
vulnerability in openclaw (CVE-2026-53839). Confidential information can be exposed externally.
|
| CVE-2026-53838 |
|
Vulnerability in openclaw (CVE-2026-53838)
vulnerability in openclaw (CVE-2026-53838). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53837 |
|
Vulnerability in openclaw (CVE-2026-53837)
vulnerability in openclaw (CVE-2026-53837). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53836 |
|
Vulnerability in openclaw (CVE-2026-53836)
vulnerability in openclaw (CVE-2026-53836). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53835 |
|
Authorization Flaw in openclaw (CVE-2026-53835)
vulnerability in openclaw (CVE-2026-53835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53834 |
|
Authorization Flaw in openclaw (CVE-2026-53834)
vulnerability in openclaw (CVE-2026-53834). Data can be tampered with by attackers.
|
| CVE-2026-53831 |
|
Vulnerability in openclaw (CVE-2026-53831)
vulnerability in openclaw (CVE-2026-53831). Confidential information can be exposed externally.
|
| CVE-2026-53827 |
|
SSRF (Server-Side Request Forgery) in openclaw (CVE-2026-53827)
SSRF in openclaw (CVE-2026-53827). Confidential information can be exposed externally.
|
| CVE-2026-53828 |
|
Authorization Flaw in openclaw (CVE-2026-53828)
vulnerability in openclaw (CVE-2026-53828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53829 |
|
Vulnerability in openclaw (CVE-2026-53829)
vulnerability in openclaw (CVE-2026-53829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53830 |
|
Vulnerability in openclaw (CVE-2026-53830)
vulnerability in openclaw (CVE-2026-53830). Data can be tampered with by attackers.
|
| CVE-2026-53833 |
|
Vulnerability in openclaw (CVE-2026-53833)
vulnerability in openclaw (CVE-2026-53833). Confidential information can be exposed externally.
|
| CVE-2026-53826 |
|
Vulnerability in c (CVE-2026-53826)
vulnerability in c (CVE-2026-53826). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53825 |
|
Path Traversal in openclaw (CVE-2026-53825)
path traversal in openclaw (CVE-2026-53825). Confidential information can be exposed externally.
|
| CVE-2026-53824 |
|
Vulnerability in openclaw (CVE-2026-53824)
vulnerability in openclaw (CVE-2026-53824). Data can be tampered with by attackers.
|
| CVE-2026-53823 |
|
Vulnerability in privilege-escalation (CVE-2026-53823)
vulnerability in privilege-escalation (CVE-2026-53823). Confidential information can be exposed externally.
|
| CVE-2026-53822 |
|
Command Injection in openclaw (CVE-2026-53822)
command injection in openclaw (CVE-2026-53822). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53821 |
|
Vulnerability in openclaw (CVE-2026-53821)
vulnerability in openclaw (CVE-2026-53821). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53820 |
|
Vulnerability in openclaw (CVE-2026-53820)
vulnerability in openclaw (CVE-2026-53820). Data can be tampered with by attackers.
|
| CVE-2026-53807 |
|
Authorization Flaw in openclaw (CVE-2026-53807)
vulnerability in openclaw (CVE-2026-53807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53808 |
|
Authorization Flaw in openclaw (CVE-2026-53808)
vulnerability in openclaw (CVE-2026-53808). Data can be tampered with by attackers.
|
| CVE-2026-53818 |
|
Vulnerability in openclaw (CVE-2026-53818)
vulnerability in openclaw (CVE-2026-53818). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.24` or later.
|
| CVE-2026-53819 |
|
Vulnerability in openclaw (CVE-2026-53819)
vulnerability in openclaw (CVE-2026-53819). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.27` or later.
|