By vendor

Openclaw vulnerabilities

Known CVEs affecting Openclaw products, prioritized by severity, with SEC.co remediation and detection guidance.

6 published vulnerabilities

  • CVE-2026-35674HIGH 8.8

    OpenClaw versions before 2026.5.18 contain a privilege escalation flaw in their chat messaging system. An attacker with basic operator permissions can bypass security controls meant to restrict high-risk actions—such as modifying plugins, configurations, or access policies—by sending commands through internal message routes. This allows someone with limited access to act as if they have full administrative privileges.

  • CVE-2026-32905HIGH 8.3

    OpenClaw versions before 2026.5.4 contain a flaw that lets users with basic chat access create device enrollment codes they shouldn't be able to generate. An attacker with legitimate chat permissions can issue bootstrap codes that add new devices with full operator and node-level capabilities to the system. Once enrolled, these devices retain administrative credentials indefinitely until an administrator manually removes them, creating a persistent backdoor.

  • CVE-2026-35630HIGH 8.0

    OpenClaw versions before 2026.5.18 have an authorization bypass flaw in the QQBot approval workflow. Users who are not designated approvers can click approval buttons to authorize pending requests for code execution or plugin installations—permissions they should not have. An attacker with basic OpenClaw access could escalate their capabilities by approving requests they have no business approving, effectively bypassing the system's governance controls.

  • CVE-2026-35673MEDIUM 6.5

    OpenClaw versions before 2026.4.29 contain a Server-Side Request Forgery (SSRF) policy bypass that allows authenticated users to circumvent network security controls. The vulnerability exists in browser debug and export functionality, where attackers can reuse previously-blocked tabs to access or export content that should remain restricted by private-network SSRF policies. This is a policy evasion technique rather than a direct network breach—the attacker must already have authenticated access to these routes, but can then leverage that access to reach otherwise-protected resources.

  • CVE-2026-34507MEDIUM 5.4

    OpenClaw versions before 2026.4.29 contain a flaw that allows authenticated users to bypass security policies protecting sensitive admin commands. Specifically, attackers can circumvent message delivery restrictions (DM-only policy) and sender authorization checks (allowFrom policy), enabling them to execute administrative functions from contexts or senders that should be blocked. The vulnerability requires an attacker to already have authentication credentials, limiting its blast radius but creating insider risk and account compromise scenarios.

  • CVE-2026-32906MEDIUM 4.3

    OpenClaw versions prior to 2026.5.12 contain a privilege escalation flaw in their Slack plugin approval system. Users who hold limited exec approval permissions can manipulate the approval workflow to bypass intended authorization checks, allowing them to approve plugin actions that should require additional oversight or operator configuration. The vulnerability requires an authenticated user to exploit, reducing but not eliminating risk in environments with permissive access controls.