OpenClaw
Security Risk Profile
Security Risk Score
Comprehensive risk assessment based on 498 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from February 1, 2026 to present
[Dashboard panels, charts not captured: Threat Assessment, Severity Distribution, Exploit Likelihood, Age Distribution, Common Weaknesses (CWE), Most Affected Products]
Recent Vulnerabilities
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass
OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation
OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files
OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping
OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation
OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events
OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools
OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions