clawdbot
11 known vulnerabilities · 0 critical · 0 high
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
OpenClaw Telegram allowlist authorization accepted mutable usernames
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl