OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation (Risk 26, Severity 2.3)

OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools (Risk 34, Severity 2.3)

OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions (Risk 22, Severity 2.3)

OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions (Risk 34, Severity 2.3)

OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders (Risk 29, Severity 2.3)

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get (Risk 22, Severity 2.3)

OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator (Risk 14, Severity 2)

OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation (Risk 34, Severity 2.3)

OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload (Risk 34, Severity 2.3)

OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes (Risk 22, Severity 2.3)

OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass (Risk 38, Severity 2.3)

OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass (Risk 34, Severity 2.3)

OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge (Risk 30, Severity 2.1)

OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Access Control Bypass in Discord Voice Manager via Channel Allowlist (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation (Risk 40, Severity 2.3)

OpenClaw 2026.2.19 to < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication (Risk 22, Severity 2.3)

OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends (Risk 18, Severity 2)

OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands (Risk 34, Severity 2.3)

OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints (Risk 50, Severity 2.3)

OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension (Risk 34, Severity 2.3)

OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route (Risk 38, Severity 2.3)

OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy (Risk 29, Severity 2)

OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions (Risk 35, Severity 2.3)

OpenClaw - assertPublicHostname web-fetch.ts server-side request forgery (Risk 54, Severity 2.9, EPSS 0.10%)

OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk (Risk 34, Severity 2.3)

OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName (Risk 34, Severity 2.3)

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203