
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass

Risk 79
Severity 7.7

OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Directory

Risk 74
Severity 8.4

OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

Risk 29
Severity 4.1

OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping

Risk 29
Severity 6.3

OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

Risk 48
Severity 6

OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

Risk 26
Severity 2.3

OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events

Risk 29
Severity 6.3

OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

Risk 34
Severity 2.3

OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions

Risk 22
Severity 2.3

OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables

Risk 64
Severity 5.4

OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding

Risk 29
Severity 6.3

OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint

Risk 29
Severity 6.3

OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions

Risk 34
Severity 2.3

OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv

Risk 29
Severity 4.1

OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders

Risk 29
Severity 2.3

OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header

Risk 76
Severity 8.5

OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload

Risk 30
Severity 6.3

OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation

Risk 49
Severity 6.9

OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist

Risk 82
Severity 8.7

OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv

Risk 72
Severity 8.5

OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge

Risk 46
Severity 8.3

OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes

Risk 71
Severity 8.4

OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get

Risk 22
Severity 2.3

OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

Risk 79
Severity 7.7

OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation

Risk 86
Severity 9.2

OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

Risk 79
Severity 8.7

OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

Risk 86
Severity 9.2

OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery

Risk 38
Severity 6

OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

Risk 37
Severity 4.9

OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions

Risk 44
Severity 4.9
© 2026 SecAlerts Pty Ltd.