Openclaw Vulnerabilities
Comprehensive security vulnerability database for Openclaw products
| CVE | CVSS | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2026-32060 | 8.7 | This vulnerability allows attackers to write or delete files on the server outside of the designated workspace, which can lead to unauthorized changes or data loss. It occurs when the apply_patch feature is enabled without proper security measures in place, allowing attackers to manipulate file paths to escape the intended directory. | openclaw / openclaw | Exploit Available | Mar 11, 2026 |
| CVE-2026-32059 | 8.7 | This vulnerability allows attackers to run unauthorized sort commands on OpenClaw systems by using shortened versions of command options, effectively bypassing security checks meant to prevent such actions. It requires the system to be in allowlist mode, where only approved commands should be executed, but the flaw lets attackers sneak around these restrictions. | openclaw / openclaw | Theoretical | Mar 11, 2026 |
| CVE-2026-27487 | 8.0 | This vulnerability allows an attacker to execute arbitrary commands on a user's macOS system by manipulating OAuth tokens used in the OpenClaw personal AI assistant. It affects versions 2026.2.13 and earlier, and requires the attacker to have control over the OAuth token to exploit the flaw. | openclaw / openclaw | Exploit Available | Feb 21, 2026 |
About Openclaw Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Openclaw products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.