Multiple Vulnerabilities Disclosed in OpenClaw
dCERT has published a steady run of advisories on OpenClaw, beginning with 2026-0836 and its follow-up 2026-0866 in late March 2026 and continuing through 2026-1258 on Apr 27, fifteen notices in about five weeks. Most are titled generically as covering multiple vulnerabilities; two are more specific, describing a file manipulation flaw (2026-1127) and a security bypass (2026-1155). As referenced here, the notices identify OpenClaw as the affected product but carry no public synopsis, so affected versions and root causes cannot be stated from them alone.
Organizations running OpenClaw should pull the dCERT advisories directly to determine affected versions, vulnerability details, and available patches or mitigations. Fifteen advisories in five weeks indicate active, ongoing vulnerability handling around the product, so validating exposure, current patch level, and the vendor's remediation guidance should be treated as a priority. The related stories below give CVE identifiers and fixed versions for several recent OpenClaw issues and are a useful cross-reference when checking patch status.
Timeline
Apr 27, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1258
dCERT published advisory 2026-1258 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 24, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1231
dCERT published advisory 2026-1231 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 23, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1220
dCERT published advisory 2026-1220 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 22, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1208
dCERT published advisory 2026-1208 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 20, 2026
dCERT publishes OpenClaw security bypass advisory 2026-1155
dCERT published advisory 2026-1155 for an OpenClaw vulnerability described as allowing bypass of security measures. No further technical details or remediation information are provided in the reference content.
Apr 17, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1139
dCERT published advisory 2026-1139 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 16, 2026
dCERT publishes OpenClaw file manipulation vulnerability advisory 2026-1127
dCERT published advisory 2026-1127 for an OpenClaw vulnerability described as allowing manipulation of files. No further synopsis or remediation details are provided in the reference content.
Apr 13, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1044
dCERT published advisory 2026-1044 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 9, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-1016
dCERT published advisory 2026-1016 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 8, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-0985
dCERT published advisory 2026-0985 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 7, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-0961
dCERT published advisory 2026-0961 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Apr 1, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-0930
dCERT published advisory 2026-0930 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Mar 31, 2026
dCERT publishes OpenClaw vulnerabilities advisory 2026-0912
dCERT published advisory 2026-0912 for multiple vulnerabilities in OpenClaw. The reference provides no synopsis or additional technical or remediation details.
Mar 27, 2026
dCERT publishes follow-up OpenClaw vulnerabilities advisory 2026-0866
dCERT published advisory 2026-0866 for multiple vulnerabilities in OpenClaw, indicating a further advisory update or additional disclosure related to the same product. The reference content does not include specifics on the vulnerabilities or fixes.
Mar 25, 2026
dCERT publishes OpenClaw multiple vulnerabilities advisory 2026-0836
dCERT published advisory 2026-0836 for multiple vulnerabilities in OpenClaw. No additional technical details or remediation information are provided in the reference content.
Related Stories

OpenClaw Flaws Let Authenticated Users Escalate Privileges and Bypass Authorization
Two high-severity vulnerabilities in OpenClaw exposed paths for authenticated users to gain access beyond their intended roles. **CVE-2026-32042** affects versions before `2026.2.25` and allows an attacker with valid shared gateway authentication to present a self-signed, unpaired device identity and bypass pairing requirements, then self-assign elevated operator scopes including `operator.admin`. The issue is classified as `CWE-863` and effectively turns an unapproved, self-asserted device identity that the gateway nonetheless trusts into a route for privilege escalation. A second flaw, **CVE-2026-32051**, affects OpenClaw versions before `2026.3.1` and allows users with `operator.write` scope to reach owner-only tool surfaces such as gateway and cron through agent runs in scoped-token deployments. The authorization mismatch lets lower-privileged authenticated users perform control-plane actions that should be restricted to owners, creating high risk to confidentiality, integrity, and availability. Advisories for both issues point to fixes and security guidance through GitHub and VulnCheck.
1 week ago
Multiple OpenClaw Flaws Enable Code Execution and Consent Bypass
OpenClaw disclosed several high-severity vulnerabilities that can lead to arbitrary code execution and security control bypass across recent releases. **CVE-2026-35641** affects versions before `2026.3.24` and lets a malicious local plugin or hook package use a crafted `.npmrc` file to override the `git` executable during `npm install`, resulting in arbitrary program execution. **CVE-2026-41349** affects versions before `2026.3.28` and allows low-privileged remote attackers to bypass execution approval through `config.patch`, silently disabling agentic consent protections. Belgium's Centre for Cybersecurity warned that multiple OpenClaw flaws can lead to RCE and urged immediate patching. Additional OpenClaw issues published shortly after expand the attack surface. **CVE-2026-41336** affects versions before `2026.3.31` and allows workspace `.env` files to override `OPENCLAW_BUNDLED_HOOKS_DIR`, causing trusted bundled hooks to be replaced with attacker-controlled code from untrusted workspaces. **CVE-2026-41352**, also fixed in `2026.3.31`, allows a device-paired node to bypass the node scope gate and execute arbitrary node commands on the host without proper pairing validation. Separately, the Node.js package **simple-git** disclosed **CVE-2026-6951**, an RCE flaw in versions before `3.36.0` caused by incomplete blocking of Git configuration options, allowing attackers to abuse `--config`, enable `protocol.ext.allow=always`, and trigger execution through an `ext::` clone source when untrusted input reaches the library's options.
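The simple-git issue summarized above turns on an incomplete denylist of git configuration options: if a caller-controlled option list can smuggle in any spelling of `--config`, it can set `protocol.ext.allow=always`, and an `ext::` clone source then executes an arbitrary command. The following is an added illustration, not code from simple-git or OpenClaw: a hypothetical wrapper that validates caller-supplied options and clone sources before they reach `git clone`, shown beside the naive exact-match filter that lets the `--config=` and `-c` spellings through. The function names, the attacker strings, and the set of accepted transports are assumptions made for the example.

```javascript
// Added example (hypothetical wrapper around the git CLI; not simple-git's or
// OpenClaw's code). Untrusted callers may pass extra options and a clone
// source; the wrapper must keep any configuration override out of argv,
// because "-c protocol.ext.allow=always" followed by an "ext::" source
// executes an arbitrary command.

// Long forms git accepts: --config, --config=<k>=<v>, --config-env, --config-env=<k>=<envvar>
const CONFIG_LONG_OPTION = /^--config(?:-env)?(?:=|$)/;

// True for every spelling of a configuration override, including the attached
// short form "-ck=v" that git's option parser accepts alongside "-c k=v".
function isConfigOption(token) {
  if (token === '-c') return true;
  if (/^-c./.test(token) && !token.startsWith('--')) return true;
  return CONFIG_LONG_OPTION.test(token);
}

// The incomplete kind of denylist described above: it drops the bare long
// form only, so "--config=protocol.ext.allow=always" and "-c ..." survive.
function filterOptionsNaive(options) {
  return options.filter((t) => t !== '--config');
}

// Hardened: refuse the whole request if any token is a config override.
// Rejecting the request is safer than silently editing it.
function assertSafeOptions(options) {
  for (const t of options) {
    if (isConfigOption(t)) {
      throw new Error(`git configuration override not permitted: ${t}`);
    }
  }
  return options;
}

// Hardened: accept only the transports this deployment expects (an assumption
// for the example), so "ext::" and other remote-helper schemes never reach git
// even if a config override were set somewhere else.
function assertSafeCloneSource(source) {
  if (/^ext::/i.test(source)) {
    throw new Error('ext:: transport not permitted');
  }
  if (source.startsWith('-')) {
    throw new Error('clone source must not look like an option');
  }
  if (!/^(?:https:\/\/|ssh:\/\/|git@)[^\s]+$/.test(source)) {
    throw new Error(`unsupported clone source: ${source}`);
  }
  return source;
}

// Builds the argv a wrapper would hand to git, applying both checks. The "--"
// keeps a source that survived validation from ever being parsed as an option.
function buildCloneArgv(source, options = []) {
  return ['clone', ...assertSafeOptions(options), '--', assertSafeCloneSource(source), 'dest'];
}

// Constructed attacker input for the demonstration (not from any real incident).
const ATTACKER_OPTIONS = ['--config=protocol.ext.allow=always'];
const ATTACKER_SOURCE = 'ext::sh -c id';

function demoGitGuard() {
  // What the naive filter would have passed through to git.
  const leaked = filterOptionsNaive(ATTACKER_OPTIONS);
  let hardenedRejected = false;
  try {
    buildCloneArgv(ATTACKER_SOURCE, ATTACKER_OPTIONS);
  } catch (e) {
    hardenedRejected = true;
  }
  return { leaked, hardenedRejected };
}

console.log(JSON.stringify(demoGitGuard()));
```

The point of the two-layer check is that neither layer alone is sufficient: blocking configuration overrides stops `protocol.ext.allow` from being flipped, and restricting the source scheme stops `ext::` regardless of how the allow setting got there.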
1 week ago
OpenClaw Flaws Let Attackers Bypass Group Allowlists and Sender Policies
Two high-severity vulnerabilities in **OpenClaw** exposed weaknesses in how the platform enforced messaging restrictions in its chat integrations. **`CVE-2026-32975`** affects versions before **`2026.3.12`** and stems from weak authorization in Zalouser allowlist mode, where access checks used mutable group display names instead of stable group identifiers. That design allowed an attacker to create a group with the same name as an allowlisted group and bypass channel authorization, potentially causing messages from unintended groups to be routed to the agent. A second flaw, **`CVE-2026-33578`**, affects versions before **`2026.3.28`** in the **Google Chat** and **Zalouser** extensions. In that case, route-level group allowlist policies could silently downgrade to an open sender policy, letting attackers bypass configured sender restrictions and interact with bots that should have been limited to approved groups. Both issues were rated **high severity** with impact to confidentiality, integrity, and availability, and advisories and code references were published alongside fixes in newer OpenClaw releases.
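The two allowlist weaknesses summarized above, authorization keyed on a mutable group display name and a route policy that quietly downgrades to open when its allowlist is empty, are easy to reproduce in miniature. The following is an added example and is not OpenClaw's code: the event shape, the group identifiers, the route configuration fields, and the function names are assumptions made for the illustration.

```javascript
// Added example of allowlist enforcement for a chat-integration gateway.
// Not OpenClaw's code: the event shape, identifiers and function names are
// assumptions made for the illustration.

// Constructed inbound events as a chat connector might deliver them. The
// attacker controls the display name of a group they create, never its id.
const LEGIT_EVENT   = { groupId: 'grp_7f3a9c', groupName: 'Ops Team', sender: 'alice' };
const SPOOFED_EVENT = { groupId: 'grp_e11d02', groupName: 'Ops Team', sender: 'mallory' };

// Weak: keyed on the mutable display name. A newly created group with the
// same name satisfies the check, so its messages are routed to the agent.
function isAllowedByName(event, allowedNames) {
  return allowedNames.has(event.groupName);
}

// Hardened: keyed on the stable identifier the platform assigns to the group.
function isAllowedById(event, allowedIds) {
  return allowedIds.has(event.groupId);
}

// Weak route policy: a missing or empty allowlist is treated as "anyone".
// This is the silent downgrade to an open sender policy.
function resolvePolicyFailOpen(route) {
  if (!route.groupAllowlist || route.groupAllowlist.length === 0) {
    return { mode: 'open' };
  }
  return { mode: 'allowlist', ids: new Set(route.groupAllowlist) };
}

// Hardened route policy: open access requires an explicit opt-in; a list that
// is absent, empty or malformed resolves to deny, never to open.
function resolvePolicyFailClosed(route) {
  if (route.senderPolicy === 'open') {
    return { mode: 'open' };
  }
  const ids = Array.isArray(route.groupAllowlist)
    ? route.groupAllowlist.filter((id) => typeof id === 'string' && id.length > 0)
    : [];
  if (ids.length === 0) {
    return { mode: 'deny', reason: 'allowlist configured but empty or malformed' };
  }
  return { mode: 'allowlist', ids: new Set(ids) };
}

// Single decision point: the agent only sees events that pass here.
function authorize(policy, event) {
  switch (policy.mode) {
    case 'open':
      return true;
    case 'allowlist':
      return isAllowedById(event, policy.ids);
    default:
      return false;
  }
}

// Constructed route configs: one correct, one whose allowlist ended up empty
// (for example after a reload dropped the list).
const ROUTE_OK    = { groupAllowlist: ['grp_7f3a9c'] };
const ROUTE_EMPTY = { groupAllowlist: [] };

function demoAllowlist() {
  return {
    nameCheckBypassed: isAllowedByName(SPOOFED_EVENT, new Set(['Ops Team'])),
    idCheckBlocks: !isAllowedById(SPOOFED_EVENT, new Set(['grp_7f3a9c'])),
    failOpenMode: resolvePolicyFailOpen(ROUTE_EMPTY).mode,
    failClosedMode: resolvePolicyFailClosed(ROUTE_EMPTY).mode,
    spoofedOnEmptyRouteFailOpen: authorize(resolvePolicyFailOpen(ROUTE_EMPTY), SPOOFED_EVENT),
    spoofedOnEmptyRouteFailClosed: authorize(resolvePolicyFailClosed(ROUTE_EMPTY), SPOOFED_EVENT),
    legitOnOkRoute: authorize(resolvePolicyFailClosed(ROUTE_OK), LEGIT_EVENT),
  };
}

console.log(demoAllowlist());
```

The practical check for an existing deployment follows from the example: confirm that every allowlist entry is a platform-issued identifier rather than a name, and confirm that a route whose allowlist is emptied or malformed denies traffic instead of accepting it.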
1 month ago