Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.9 MEDIUM
CVE-2026-32035 — OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants ca…

Remote | Authorization
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.8 MEDIUM
CVE-2026-32034 — OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allo…

Remote | Authentication
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.0 MEDIUM
CVE-2026-32033 — OpenClaw < 2026.2.24 - Path Traversal via @-prefixed Absolute Paths in Workspace Boundary…

OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolute paths bypass workspace-only file-system boundary validation due to canonicalization mismatch. Att…

Remote | Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.3 HIGH
CVE-2026-32032 — OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variab…

OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker wit…

| Authentication
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.3 MEDIUM
CVE-2026-32031 — OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/c…

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between t…

Remote | Authentication
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
8.2 HIGH
CVE-2026-32030 — OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled…

Remote | Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.3 MEDIUM
CVE-2026-32029 — OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing

OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP address…

Remote | Misconfiguration
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.3 MEDIUM
CVE-2026-32028 — OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-d…

Remote | Authorization
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.1 HIGH
CVE-2026-32027 — OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance i…

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can e…

Remote | Authorization
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.1 HIGH
CVE-2026-32026 — OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sand…

OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox media handling that allows absolute paths under the host temporary directory outside the active sandb…

Remote | Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.5 HIGH
CVE-2026-32025 — OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication B…

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployme…

Remote | Authentication
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.8 MEDIUM
CVE-2026-32024 — OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attac…

| Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.0 MEDIUM
CVE-2026-32023 — OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in …

OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Atta…

Remote | Authorization
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.0 MEDIUM
CVE-2026-32022 — OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern …

Remote | Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.3 MEDIUM
CVE-2026-32021 — OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-o…

Remote | Authorization
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
4.8 MEDIUM
CVE-2026-32020 — OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under…

| Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.0 MEDIUM
CVE-2026-32019 — OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attac…

Remote | Server-Side Request Forgery
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
3.6 LOW
CVE-2026-32018 — OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit …

| Race Condition
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.0 MEDIUM
CVE-2026-32017 — OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can by…

Remote | Misconfiguration
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.3 HIGH
CVE-2026-32016 — OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploi…

| Path Traversal
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
Showing 20 of 5609 Results