Skip to main content
CVE-2026-31991 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in Signal group allowlist enforcement where the system incorrectly accepts sender identities derived from direct message (DM) pairing-store approvals. An authenticated attacker with low privileges can exploit this boundary weakness by obtaining DM pairing approval, allowing them to bypass group allowlist checks and gain unauthorized access to Signal groups. While the CVSS score is moderate (3.7) and attack complexity is high, the vulnerability represents a direct authentication control bypass in a messaging security context, and patches are available from the vendor.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-32020 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-32006 LOW PATCH Monitor

CVE-2026-32006 is a security vulnerability (CVSS 3.1). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-33394 LOW Monitor

Discourse is an open-source discussion platform.

Information Disclosure Discourse
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-29104 LOW Monitor

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

File Upload Suitecrm
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-32019 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.22 contain incomplete validation of IPv4 special-use ranges in the isPrivateIpv4() function, allowing attackers to bypass Server-Side Request Forgery (SSRF) policy checks and access RFC-reserved address ranges that should be blocked. An authenticated attacker with network reachability to special-use IPv4 ranges such as 198.18.0.0/15 can exploit the web_fetch functionality to access blocked internal addresses, resulting in information disclosure and potential lateral movement. The vulnerability has been patched and security advisories are available from the OpenClaw project.

SSRF Openclaw
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-33408 LOW Monitor

Discourse is an open-source discussion platform.

Authentication Bypass Discourse
NVD GitHub VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-0819 LOW PATCH Monitor

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality.

Buffer Overflow Stack Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.2
EPSS
0.0%
CVE-2026-1005 LOW Monitor

Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket.

Buffer Overflow Integer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-31996 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.19 contain an input validation bypass in the tools.exec.safeBins component that allows local attackers with command execution privileges to circumvent stdin-only restrictions and perform arbitrary filesystem operations. By exploiting sort output flags (specifically the -o flag for arbitrary file writes) or recursive grep flags (-R for recursive file reads), authenticated attackers can read sensitive files or overwrite critical files despite intended access controls. While the CVSS score of 3.6 is moderate and requires local access with low privileges, the vulnerability represents a privilege escalation or sandbox escape technique rather than a critical remote exploit.

Command Injection Openclaw
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-32018 LOW PATCH Monitor

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers.

Information Disclosure Race Condition Openclaw
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-4395 LOW PATCH Monitor

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point.

Buffer Overflow Heap Overflow Microsoft
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.2%
CVE-2026-3230 LOW PATCH Monitor

CVE-2026-3230 is a security vulnerability (CVSS 1.2). Remediation should follow standard vulnerability management procedures.

Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
1.2
EPSS
0.1%
CVE-2026-4159 LOW PATCH Monitor

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content.

Buffer Overflow Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
1.2
EPSS
0.0%
CVE-2026-3229 LOW PATCH Monitor

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these...

Buffer Overflow Heap Overflow Nginx
NVD GitHub VulDB
CVSS 4.0
1.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy