SecAlerts
CVE ListPricingSign Up
OpenClaw logo

OpenClaw

Security Risk Profile

48
/100
medium

Security Risk Score

Comprehensive risk assessment based on 498 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from February 1, 2026 to present

498
Total CVEs
227
Critical+High
1
Exploited
47
Unpatched

Threat Assessment

Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
47
Critical/High
Risk Level
48/100
medium
⚠️ 1 Active Exploits📈 127 in Last 30 Days

Severity Distribution

Critical
38
High
189
Medium
224
Low
45

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
114

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
36
2
SSRF
35
3
OS Command Injection
28
4
Command Injection
18
5
Race Condition
9

Most Affected Products

1. OpenClaw Openclaw Node.js472
2. OpenClaw OpenClaw394
3. OpenClaw57
4. npm/openclaw45
5. npm/clawdbot5

Recent Vulnerabilities

See more →
CVE-2026-45006
CVSS 7.7high

OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass

5/11/2026
CVE-2026-45004
CVSS 8.4high

OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory

5/11/2026
CVE-2026-45005
CVSS 5.9medium

OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation

5/11/2026
CVE-2026-45003
CVSS 4.1medium

OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

5/11/2026
CVE-2026-45002
CVSS 6.3medium

OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping

5/11/2026
CVE-2026-45001
CVSS 6.0medium

OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

5/11/2026
CVE-2026-45000
CVSS 2.3low

OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

5/11/2026
CVE-2026-44999
CVSS 6.3medium

OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events

5/11/2026
CVE-2026-44998
CVSS 2.3low

OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

5/11/2026
CVE-2026-44997
CVSS 2.3low

OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions

5/11/2026

Monitor OpenClaw in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

OpenClaw Security Vulnerabilities & Risk Score | 498 CVEs | SecAlerts - SecAlerts