HIGH 7.1 npm
GHSA-3fqr-4cg8-h96q · CVE-2026-26317 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Modified: 2/20/2026
package
npm / clawdbot
pkg:npm/clawdbot
LOW npm
GHSA-chm2-m3w2-wcxm OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Modified: 2/17/2026
MEDIUM 6.5 npm
GHSA-g34w-4xqq-h79m · CVE-2026-26328 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
Modified: 2/20/2026
HIGH 8.8 npm
GHSA-g8p2-7wf7-98mq · CVE-2026-25253 OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
Modified: 2/3/2026
MEDIUM 6.5 npm
GHSA-h89v-j3x9-8wqj · CVE-2026-28452 OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Modified: 3/6/2026
HIGH 8.8 npm
GHSA-mc68-q9jw-2h3v · CVE-2026-24763 OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Modified: 2/3/2026
MEDIUM 5.9 npm
GHSA-mj5r-hh7j-4gxf · CVE-2026-28480 OpenClaw Telegram allowlist authorization accepted mutable usernames
Modified: 3/6/2026
HIGH 7.7 npm
GHSA-q284-4pvr-m585 · CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
Modified: 2/4/2026
HIGH 7.5 npm
GHSA-q447-rj3r-2cgh · CVE-2026-28478 OpenClaw affected by denial of service via unbounded webhook request body buffering
Modified: 3/5/2026
CRITICAL 9.8 npm
GHSA-rq6g-px6m-c248 · CVE-2026-28469 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Modified: 3/6/2026
MEDIUM 5.5 npm
GHSA-w2cg-vxx6-5xjg · CVE-2026-29612 OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
Modified: 3/6/2026