None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
None
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53866
— OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell …
Remote
|
Authentication
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53865
— OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute …
|
Path Traversal
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53864
— OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control …
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to wo…
Remote
|
Misconfiguration
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53863
— OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy
OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could t…
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53862
— OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap toke…
Remote
|
Authentication
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53861
— OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS
OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the in…
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-53860
— OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBu…
OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender ident…
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
