pkg:npm/clawdbot

10 total CVEs: CRITICAL 1, HIGH 5, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.8  CVE-2026-28469: OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
    Affected versions: from 0, <= 2026.1.24-3
  • HIGH 8.8  CVE-2026-25253: OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
    Affected versions: from 0, < 2026.1.29
  • HIGH 8.8  CVE-2026-24763: OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
    Affected versions: from 0, < 2026.1.29
  • HIGH 7.7  CVE-2026-25157: OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
    Affected versions: from 0, < 2026.1.29
  • HIGH 7.5  CVE-2026-28478: OpenClaw affected by denial of service via unbounded webhook request body buffering
    Affected versions: from 0, <= 2026.1.24-3
  • HIGH 7.1  CVE-2026-26317: OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
    Affected versions: from 0, <= 2026.1.24-3
  • MEDIUM 6.5  CVE-2026-28452: OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
    Affected versions: from 0, <= 2026.1.24-3
  • MEDIUM 6.5  CVE-2026-26328: OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
    Affected versions: from 0, < 2026.2.14
  • MEDIUM 5.9  CVE-2026-28480: OpenClaw Telegram allowlist authorization accepted mutable usernames
    Affected versions: from 0, <= 2026.1.24-3
  • MEDIUM 5.5  CVE-2026-29612: OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
    Affected versions: from 0, <= 2026.1.24-3
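The list above gives three distinct upper bounds (<= 2026.1.24-3, < 2026.1.29, < 2026.2.14), and one of them ends in a pre-release suffix. The script below is an added example, not code from this page or from the OpenClaw/Clawdbot project: it transcribes the ten bounds as printed and reports which CVEs apply to a given installed version. It assumes the version strings follow SemVer 2.0 precedence, so "2026.1.24-3" is a pre-release of 2026.1.24 and sorts before the bare 2026.1.24 release; the advisory IDs and bounds are copied from the list, everything else (function names, the ADVISORIES table) is the example's own.

```javascript
// Added example: match an installed clawdbot version against the advisory
// ranges listed on this page. Assumption: SemVer 2.0 precedence rules.

// Bounds transcribed from the page. Every range starts "from 0", so only the
// upper bound decides membership.
const ADVISORIES = [
  { id: "CVE-2026-28469", severity: "CRITICAL", score: 9.8, bound: { op: "<=", version: "2026.1.24-3" } },
  { id: "CVE-2026-25253", severity: "HIGH",     score: 8.8, bound: { op: "<",  version: "2026.1.29" } },
  { id: "CVE-2026-24763", severity: "HIGH",     score: 8.8, bound: { op: "<",  version: "2026.1.29" } },
  { id: "CVE-2026-25157", severity: "HIGH",     score: 7.7, bound: { op: "<",  version: "2026.1.29" } },
  { id: "CVE-2026-28478", severity: "HIGH",     score: 7.5, bound: { op: "<=", version: "2026.1.24-3" } },
  { id: "CVE-2026-26317", severity: "HIGH",     score: 7.1, bound: { op: "<=", version: "2026.1.24-3" } },
  { id: "CVE-2026-28452", severity: "MEDIUM",   score: 6.5, bound: { op: "<=", version: "2026.1.24-3" } },
  { id: "CVE-2026-26328", severity: "MEDIUM",   score: 6.5, bound: { op: "<",  version: "2026.2.14" } },
  { id: "CVE-2026-28480", severity: "MEDIUM",   score: 5.9, bound: { op: "<=", version: "2026.1.24-3" } },
  { id: "CVE-2026-29612", severity: "MEDIUM",   score: 5.5, bound: { op: "<=", version: "2026.1.24-3" } },
];

// Parse "MAJOR.MINOR.PATCH[-pre.release]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split(".") : null };
}

// SemVer pre-release identifier ordering: numeric < alphanumeric, numerics by value.
function compareIdentifiers(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Math.sign(Number(a) - Number(b));
  if (an) return -1;
  if (bn) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns -1, 0 or 1 following SemVer 2.0 precedence.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (!a.pre && !b.pre) return 0;
  if (!a.pre) return 1;   // a release outranks any pre-release of the same core
  if (!b.pre) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIdentifiers(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(a.pre.length - b.pre.length); // more identifiers = higher precedence
}

// "from 0, < X" or "from 0, <= X": installed is affected when it sits below the bound.
function isAffected(installed, bound) {
  const c = compareVersions(installed, bound.version);
  return bound.op === "<" ? c < 0 : c <= 0;
}

// IDs of the listed CVEs that apply to `installed`, in page order.
function affectedAdvisories(installed) {
  return ADVISORIES.filter((a) => isAffected(installed, a.bound)).map((a) => a.id);
}

// Usage: node check-clawdbot.js 2026.1.24-3
if (typeof require !== "undefined" && require.main === module && process.argv[2]) {
  const hits = affectedAdvisories(process.argv[2]);
  console.log(hits.length ? `affected by: ${hits.join(", ")}` : "not affected by any listed CVE");
}
```

Two caveats when swapping this for a library: `2026.1.24-3` counts as a pre-release, so under these rules the bare `2026.1.24` release is above the `<= 2026.1.24-3` bound and only the `< 2026.1.29` and `< 2026.2.14` entries still apply to it; and the npm `semver` package's `satisfies()` excludes pre-release versions from ranges such as `<2026.1.29` unless called with `{ includePrerelease: true }`, so a naive check could wrongly report a `-N` build as clean.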