HIGH 7.1 npm
GHSA-3fqr-4cg8-h96q · CVE-2026-26317 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
수정: 2026. 2. 20.
package
npm / clawdbot
pkg:npm/clawdbot
LOW npm
GHSA-chm2-m3w2-wcxm OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
수정: 2026. 2. 17.
MEDIUM 6.5 npm
GHSA-g34w-4xqq-h79m · CVE-2026-26328 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
수정: 2026. 2. 20.
HIGH 8.8 npm
GHSA-g8p2-7wf7-98mq · CVE-2026-25253 OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
수정: 2026. 2. 3.
MEDIUM 6.5 npm
GHSA-h89v-j3x9-8wqj · CVE-2026-28452 OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
수정: 2026. 3. 6.
HIGH 8.8 npm
GHSA-mc68-q9jw-2h3v · CVE-2026-24763 OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
수정: 2026. 2. 3.
MEDIUM 5.9 npm
GHSA-mj5r-hh7j-4gxf · CVE-2026-28480 OpenClaw Telegram allowlist authorization accepted mutable usernames
수정: 2026. 3. 6.
HIGH 7.7 npm
GHSA-q284-4pvr-m585 · CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
수정: 2026. 2. 4.
HIGH 7.5 npm
GHSA-q447-rj3r-2cgh · CVE-2026-28478 OpenClaw affected by denial of service via unbounded webhook request body buffering
수정: 2026. 3. 5.
CRITICAL 9.8 npm
GHSA-rq6g-px6m-c248 · CVE-2026-28469 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
수정: 2026. 3. 6.
MEDIUM 5.5 npm
GHSA-w2cg-vxx6-5xjg · CVE-2026-29612 OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
수정: 2026. 3. 6.