每日自动更新

🛡️ UCloud OpenClaw CVEs

安全漏洞追踪面板 — 基于 cvelistV5 + GitHub Advisory Database 数据

17
已发布 CVE
151
安全公告
57
HIGH / CRITICAL
17/17
Pipeline 全部已发布
📋 CVE 列表 🔄 发布流水线 📢 安全公告 📊 漏洞分类 💡 关键洞察

📋 已发布 CVE(cvelistV5)

17
CVE ID严重性CVSS漏洞描述发布日期
CVE-2026-24763 🔴 HIGH 8.8 OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable 2026-02-02
CVE-2026-25253 🔴 HIGH 8.8 OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl 2026-02-01
CVE-2026-28478 🔴 HIGH 8.7 OpenClaw affected by denial of service via unbounded webhook request body buffering 2026-03-05
CVE-2026-28469 🔴 HIGH 8.2 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting 2026-03-05
CVE-2026-32302 🔴 HIGH 8.1 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode 2026-03-12
CVE-2026-25157 🔴 HIGH 7.8 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand 2026-02-04
CVE-2026-28458 🔴 HIGH 7.4 OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access 2026-03-05
CVE-2026-26317 🔴 HIGH 7.1 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints 2026-02-19
CVE-2026-28480 🟡 MEDIUM 6.9 OpenClaw Telegram allowlist authorization accepted mutable usernames 2026-03-05
CVE-2026-32063 🟡 MEDIUM 6.9 OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux) 2026-03-11
CVE-2026-27523 🟡 MEDIUM 6.9 OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths 2026-03-18
CVE-2026-29612 🟡 MEDIUM 6.8 OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding 2026-03-05
CVE-2026-28452 🟡 MEDIUM 6.7 OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) 2026-03-05
CVE-2026-26328 🟡 MEDIUM 6.5 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities 2026-02-19
CVE-2026-22170 🟡 MEDIUM 6.3 OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty 2026-03-18
CVE-2026-22174 🟡 MEDIUM 5.9 OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe 2026-03-18
CVE-2026-27524 🟢 LOW 2.3 OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path 2026-03-18

🔄 CVE 发布流水线

17/17 已发布
CVE ID状态CNAGHSA 发布日期cvelistV5
CVE-2026-22170 ✅ PUBLISHED VulnCheck 2026-03-04 ✅ 已收录
CVE-2026-22174 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-24763 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED GitHub_M 2026-02-02 ✅ 已收录
CVE-2026-25253 ✅ PUBLISHED mitre 2026-02-02 ✅ 已收录
CVE-2026-26317 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-26328 ✅ PUBLISHED GitHub_M 2026-02-18 ✅ 已收录
CVE-2026-27523 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-27524 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-28452 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28458 ✅ PUBLISHED VulnCheck 2026-02-17 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED VulnCheck 2026-02-18 ✅ 已收录
CVE-2026-32063 ✅ PUBLISHED VulnCheck 2026-03-03 ✅ 已收录
CVE-2026-32302 ✅ PUBLISHED GitHub_M 2026-03-12 ✅ 已收录
CVE-2026-32302 ✅ PUBLISHED | [GHSA-qcc4-p59m-p54m](https://github.com/advisories/GHSA-qcc4-p59m-p54m) 2026-03-12 ✅ 已收录
CVE-2026-27523 ✅ PUBLISHED | [GHSA-vffc-f7r7-rx2w](https://github.com/advisories/GHSA-vffc-f7r7-rx2w) 2026-03-03 ✅ 已收录
CVE-2026-28469 ✅ PUBLISHED | [GHSA-3fqr-4cg8-h96q](https://github.com/advisories/GHSA-3fqr-4cg8-h96q) 2026-02-18 ✅ 已收录
CVE-2026-28478 ✅ PUBLISHED | [GHSA-mr32-vwc2-5j6h](https://github.com/advisories/GHSA-mr32-vwc2-5j6h) 2026-02-18 ✅ 已收录
CVE-2026-25157 ✅ PUBLISHED | [GHSA-g8p2-7wf7-98mq](https://github.com/advisories/GHSA-g8p2-7wf7-98mq) 2026-02-02 ✅ 已收录
CVE-2026-24763 ✅ PUBLISHED | [GHSA-r2c6-8jc8-g32w](https://github.com/advisories/GHSA-r2c6-8jc8-g32w) 2026-02-02 ✅ 已收录
CVE-2026-22170 ✅ PUBLISHED | [GHSA-jjgj-cpp9-cvpv](https://github.com/advisories/GHSA-jjgj-cpp9-cvpv) 2026-03-04 ✅ 已收录
CVE-2026-22174 ✅ PUBLISHED | [GHSA-gq83-8q7q-9hfx](https://github.com/advisories/GHSA-gq83-8q7q-9hfx) 2026-03-03 ✅ 已收录
CVE-2026-28480 ✅ PUBLISHED | [GHSA-h89v-j3x9-8wqj](https://github.com/advisories/GHSA-h89v-j3x9-8wqj) 2026-02-18 ✅ 已收录
CVE-2026-29612 ✅ PUBLISHED | [GHSA-g34w-4xqq-h79m](https://github.com/advisories/GHSA-g34w-4xqq-h79m) 2026-02-18 ✅ 已收录
CVE-2026-27524 ✅ PUBLISHED | [GHSA-8mf7-vv8w-hjr2](https://github.com/advisories/GHSA-8mf7-vv8w-hjr2) 2026-03-03 ✅ 已收录

📢 安全公告精选

151+
GHSA-rqpp-rjj CRITICAL
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
2026-03-13
GHSA-4jpw-hj2 CRITICAL
OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
2026-03-13
GHSA-xw77-45g CRITICAL
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
2026-03-13
GHSA-g2f6-pwv HIGH
OpneClaw accepts unsanitized iMessage attachment paths which allowed SCP remote-path command injection
2026-03-16
GHSA-jq3f-vjw HIGH
OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion
2026-03-16
GHSA-63f5-hhc HIGH
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
2026-03-16
GHSA-g353-mgv HIGH
OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured
2026-03-13
GHSA-2rqg-gjg HIGH
OpenClaw: Gateway `agent` calls could override the workspace boundary
2026-03-13
GHSA-wcxr-59v HIGH
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
2026-03-13
GHSA-99qw-6mr HIGH
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
2026-03-13
GHSA-r7vr-gr7 HIGH
OpenClaw: Command-authorized non-owners could reach owner-only `/config` and `/debug` surfaces
2026-03-13
GHSA-vmhq-cqm HIGH
OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes
2026-03-13

📊 漏洞分类

白名单绕过 (Allowlist Bypass)
60
注入攻击 (XSS/CSRF/Prompt/Command)
34
认证绕过 / 缺失认证
10
SSRF
5
拒绝服务 (DoS)
6
路径穿越 (CWE-22)
3
原型污染 (Prototype Pollution)
1

💡 关键洞察

📈
7.1
平均 CVSS 评分
🔴
335%
HIGH 及以上漏洞占比
100%
CVE 已发布到 cvelistV5
🛡️
100%
已提供修复版本
🏢
3
CNA 来源 (VulnCheck / GitHub / MITRE)
📦
npm
受影响包 (openclaw)