□ Overview
o OpenClaw has released security updates that address vulnerabilities in its products [1]-[22]
o Users running an affected version are advised to update to the latest version as described under the remediation below

□ Description
o Missing Authorization vulnerability in OpenClaw (CVE-2026-22172) [1][23]
o Incomplete List of Disallowed Inputs vulnerability in OpenClaw (CVE-2026-28363) [2][24]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-28391) [3][25]
o Incorrect Implementation of Authentication Algorithm vulnerability in OpenClaw (CVE-2026-28446) [4][26]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-28466) [5][27]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-28470) [6][28]
o Missing Authentication for Critical Function vulnerability in OpenClaw (CVE-2026-28472) [7][29]
o Incorrect Authorization vulnerability in the OpenClaw Nextcloud Talk Plugin (CVE-2026-28474) [8][30]
o Code Injection vulnerability in the OpenClaw Agent Platform (CVE-2026-30741) [9][31]
o Improper Access Control vulnerability in OpenClaw (CVE-2026-32038) [10][32]
o Insufficiently Protected Credentials vulnerability in OpenClaw (CVE-2026-32913) [11][33]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32915) [12][34]
o Incorrect Privilege Assignment vulnerability in OpenClaw (CVE-2026-32916) [13][35]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-32917) [14][36]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32918) [15][37]
o Incorrect Privilege Assignment vulnerability in OpenClaw (CVE-2026-32922) [16][38]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32924) [17][39]
o Permissive Regular Expression vulnerability in OpenClaw (CVE-2026-32973) [18][40]
o Reliance on Untrusted Inputs in a Security Decision vulnerability in OpenClaw (CVE-2026-32975) [19][41]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32978) [20][42]
o Authentication Bypass by Capture-replay vulnerability in OpenClaw (CVE-2026-32987) [21][43]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-33579) [22][44]

□ Affected products and remediation

| Vulnerability | Product | Affected versions | Fixed version |
|---|---|---|---|
| CVE-2026-22172 | openclaw | 2026.3.11 or earlier | 2026.3.12 |
| CVE-2026-28363 | openclaw | 2026.2.22-2 or earlier | 2026.2.23 or later |
| CVE-2026-28391 | openclaw | 2026.2.1 or earlier | 2026.2.2 or later |
| CVE-2026-28446 | openclaw | 2026.2.1 or earlier | 2026.2.2 or later |
| CVE-2026-28466 | openclaw | before 2026.2.14 | 2026.2.14 or later |
| CVE-2026-28470 | openclaw | 2026.2.1 or earlier | 2026.2.2 or later |
| CVE-2026-28472 | openclaw | 2026.2.1 or earlier | 2026.2.2 or later |
| CVE-2026-28474 | nextcloud-talk | 2026.2.2 or earlier | 2026.2.6 or later |
| CVE-2026-30741 | OpenClaw Agent Platform | 2026.2.6 or earlier | after 2026.2.6 |
| CVE-2026-32038 | openclaw | 2026.2.23 or earlier | 2026.2.24 or later |
| CVE-2026-32913 | openclaw | 2026.3.2 or earlier | 2026.3.7 or later |
| CVE-2026-32915 | openclaw | 2026.3.8 or earlier | 2026.3.11 |
| CVE-2026-32916 | openclaw | 2026.3.7 or later, before 2026.3.11 | 2026.3.11 |
| CVE-2026-32917 | openclaw | 2026.3.12 or earlier | 2026.3.13 or later |
| CVE-2026-32918 | openclaw | 2026.3.8 or earlier | 2026.3.11 |
| CVE-2026-32922 | openclaw | 2026.3.8 or earlier | 2026.3.11 |
| CVE-2026-32924 | openclaw | 2026.3.11 or earlier | 2026.3.12 |
| CVE-2026-32973 | openclaw | 2026.3.8 or earlier | 2026.3.11 |
| CVE-2026-32975 | openclaw | 2026.3.11 or earlier | 2026.3.12 |
| CVE-2026-32978 | openclaw | before 2026.3.11 | 2026.3.11 |
| CVE-2026-32987 | openclaw | 2026.3.12 or earlier | 2026.3.13 or later |
| CVE-2026-33579 | openclaw | 2026.3.24 or earlier | 2026.3.28 or later |

※ Refer to the reference sites below to perform the update [1]-[22]

□ References
[1] https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8
[2] https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78
[3] https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q
[4] https://github.com/openclaw/openclaw/security/advisories/GHSA-4rj2-gpmh-qq5x
[5] https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
[6] https://github.com/openclaw/openclaw/security/advisories/GHSA-3hcm-ggvf-rch5
[7] https://github.com/openclaw/openclaw/security/advisories/GHSA-rv39-79c4-7459
[8] https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r
[9] https://github.com/advisories/GHSA-rvp5-mqmc-q4g6
[10] https://github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9
[11] https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr
[12] https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff
[13] https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728
[14] https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275
[15] https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8
[16] https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc
[17] https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8
[18] https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m
[19] https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w
[20] https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53
[21] https://github.com/openclaw/openclaw/security/advisories/GHSA-63f5-hhc7-cx6p
[22] https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497
[23] https://nvd.nist.gov/vuln/detail/CVE-2026-22172
[24] https://nvd.nist.gov/vuln/detail/CVE-2026-28363
[25] https://nvd.nist.gov/vuln/detail/CVE-2026-28391
[26] https://nvd.nist.gov/vuln/detail/CVE-2026-28446
[27] https://nvd.nist.gov/vuln/detail/CVE-2026-28466
[28] https://nvd.nist.gov/vuln/detail/CVE-2026-28470
[29] https://nvd.nist.gov/vuln/detail/CVE-2026-28472
[30] https://nvd.nist.gov/vuln/detail/CVE-2026-28474
[31] https://nvd.nist.gov/vuln/detail/CVE-2026-30741
[32] https://nvd.nist.gov/vuln/detail/CVE-2026-32038
[33] https://nvd.nist.gov/vuln/detail/CVE-2026-32913
[34] https://nvd.nist.gov/vuln/detail/CVE-2026-32915
[35] https://nvd.nist.gov/vuln/detail/CVE-2026-32916
[36] https://nvd.nist.gov/vuln/detail/CVE-2026-32917
[37] https://nvd.nist.gov/vuln/detail/CVE-2026-32918
[38] https://nvd.nist.gov/vuln/detail/CVE-2026-32922
[39] https://nvd.nist.gov/vuln/detail/CVE-2026-32924
[40] https://nvd.nist.gov/vuln/detail/CVE-2026-32973
[41] https://nvd.nist.gov/vuln/detail/CVE-2026-32975
[42] https://nvd.nist.gov/vuln/detail/CVE-2026-32978
[43] https://nvd.nist.gov/vuln/detail/CVE-2026-32987
[44] https://nvd.nist.gov/vuln/detail/CVE-2026-33579

□ Inquiries
o Korea Internet & Security Agency (KISA) Cyber Complaint Center: dial 118 (no area code)

□ Prepared by: Threat Response Division, AI Vulnerability Response Team