openclaw

Top products

The 15 most recently published vulnerabilities affecting openclaw.

• CVE-2026-53866OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing8.1Jun 16, 2026
• CVE-2026-53865OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH7.1Jun 16, 2026
• CVE-2026-53864OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables8.1Jun 16, 2026
• CVE-2026-53863OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy7.1Jun 16, 2026
• CVE-2026-53862OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening4.2Jun 16, 2026
• CVE-2026-53861OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS6.6Jun 16, 2026
• CVE-2026-53860OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles4.2Jun 16, 2026
• CVE-2026-53859OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency6.5Jun 16, 2026
• CVE-2026-53858OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable7.1Jun 16, 2026
• CVE-2026-53857OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy8.1Jun 16, 2026
• CVE-2026-53856OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json5.5Jun 16, 2026
• CVE-2026-53855OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks8.1Jun 16, 2026
• CVE-2026-53854OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands6.5Jun 16, 2026
• CVE-2026-53853OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS8.3Jun 16, 2026
• CVE-2026-53852OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing5.4Jun 16, 2026