Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2026
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.
CVSS Score
8.5
EPSS Score
0.001
Published
2026-04-23
OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-04-23
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between validation and execution.
CVSS Score
4.3
EPSS Score
0.001
Published
2026-04-23
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
10.0
EPSS Score
0.005
Published
2026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion. This vulnerability is fixed in 3.1.0.
CVSS Score
9.3
EPSS Score
0.005
Published
2026-04-23
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials.
CVSS Score
5.8
EPSS Score
0.001
Published
2026-04-23
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.004
Published
2026-04-23
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.008
Published
2026-04-23
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
9.3
EPSS Score
0.006
Published
2026-04-23
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
CVSS Score
8.0
EPSS Score
0.003
Published
2026-04-23


Contact Us

Shodan ® - All rights reserved