Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

openclaw

Source -

NVDCNA

CNA CVEs -

37

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

519
Related CVEsRelated VendorsRelated AssignersReports
519Vulnerabilities found

CVE-2026-62200
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.29% / 21.41%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.6 Authentication Bypass via Git ext transport

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-62199
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.29% / 21.41%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.6 Authentication Bypass via Environment Filtering

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions beyond the caller's intended authorization.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-62198
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 5.62%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-14 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute restricted operations.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62197
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 9.84%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-14 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-62196
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.23% / 13.77%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected feature.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62195
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.23% / 13.77%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their intended permissions.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-62194
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.25% / 16.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the feature is reachable.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-862
Missing Authorization
CVE-2026-62193
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 8.15%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path. The issue is fixed in 2026.6.9.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62192
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.2||HIGH
EPSS-0.23% / 14.13%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-14 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorization and execute restricted operations.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62191
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-14 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass via Message Mutations

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62190
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.50%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform unauthorized operations when the affected feature is enabled.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62189
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.25% / 15.88%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-15 Jul, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.9 Symlink Following via Mirror Sync

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-62186
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.2||HIGH
EPSS-0.19% / 9.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 21:30
Updated-14 Jul, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization policies and execute restricted operations.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53866
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CVE-2026-53865
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.2||HIGH
EPSS-0.12% / 2.06%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by manipulating workspace-derived environment paths.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-53864
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.25% / 15.81%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables to influence child processes or coverage output paths.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-53863
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.17% / 6.53%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-53862
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.09% / 0.49%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-53861
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.06%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-53860
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.17% / 6.71%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended for configured senders, potentially bypassing access controls.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53859
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.27%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53858
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7||HIGH
EPSS-0.12% / 2.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-53857
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.22% / 13.16%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy

OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when the feature is enabled.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53856
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.7||MEDIUM
EPSS-0.09% / 0.75%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json

OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config file.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-53855
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside intended allowlist rules, enabling execution of unapproved shell-provided content.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53854
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.24% / 15.69%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands

OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to execute owner-style command behavior outside intended channel scope, potentially bypassing access controls.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53853
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.35% / 26.90%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53852
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.21% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2026-53851
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 8.98%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CVE-2026-53850
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 0.70%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CVE-2026-53849
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.27% / 18.45%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gain unauthorized agent access intended for another Discord identity.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53848
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.18% / 8.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-53847
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 7.32%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-53846
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7||HIGH
EPSS-0.12% / 2.01%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-18 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager executables during dependency setup to compromise the build environment.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-53845
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.18% / 8.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy enforcement mechanisms.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-53844
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.27%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that should not be visible to their session.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CVE-2026-53843
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.27% / 19.48%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session

OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-53842
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7||HIGH
EPSS-0.13% / 3.20%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-18 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-53841
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.1||LOW
EPSS-0.19% / 8.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-83
Improper Neutralization of Script in Attributes in a Web Page
CVE-2026-53840
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.22% / 12.90%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:04
Updated-17 Jun, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can redirect requests to exfiltrate sensitive headers like API keys or tenant-routing credentials to attacker-controlled origins.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-53839
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.27% / 18.08%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:57
Updated-14 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoints.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CVE-2026-53838
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.22% / 12.64%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:57
Updated-16 Jun, 2026 | 02:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval restrictions.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-53837
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 8.64%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:57
Updated-16 Jun, 2026 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted content.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2026-53836
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.45% / 36.42%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 00:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CVE-2026-53835
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.17% / 6.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding feature to change sender-agent binding state beyond intended policy, potentially enabling unauthorized binding modifications.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53834
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-0.19% / 9.01%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 00:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering command handling from blocked senders depending on operator configuration.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53833
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.4||HIGH
EPSS-0.17% / 6.81%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-14 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching the affected command without non-wildcard allowlist entry requirements.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53832
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.4||HIGH
EPSS-0.10% / 1.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate privileges.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-53831
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-53830
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.21% / 10.77%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 02:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation, potentially accepting previous credentials.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-613
Insufficient Session Expiration
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next