[Internet Bohonara KrCERT Security Notice] OpenClaw Product Security Update Advisory

□ Overview
o OpenClaw has released security updates that fix vulnerabilities in its products [1]~[22]
o Users running an affected version are advised to update to the latest version as described in the remediation section

□ Description
o Missing Authorization vulnerability in OpenClaw (CVE-2026-22172) [1][23]
o Incomplete List of Disallowed Inputs vulnerability in OpenClaw (CVE-2026-28363) [2][24]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-28391) [3][25]
o Incorrect Implementation of Authentication Algorithm vulnerability in OpenClaw (CVE-2026-28446) [4][26]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-28466) [5][27]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-28470) [6][28]
o Missing Authentication for Critical Function vulnerability in OpenClaw (CVE-2026-28472) [7][29]
o Incorrect Authorization vulnerability in the OpenClaw Nextcloud Talk Plugin (CVE-2026-28474) [8][30]
o Code Injection vulnerability in OpenClaw Agent Platform (CVE-2026-30741) [9][31]
o Improper Access Control vulnerability in OpenClaw (CVE-2026-32038) [10][32]
o Insufficiently Protected Credentials vulnerability in OpenClaw (CVE-2026-32913) [11][33]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32915) [12][34]
o Incorrect Privilege Assignment vulnerability in OpenClaw (CVE-2026-32916) [13][35]
o OS Command Injection vulnerability in OpenClaw (CVE-2026-32917) [14][36]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32918) [15][37]
o Incorrect Privilege Assignment vulnerability in OpenClaw (CVE-2026-32922) [16][38]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32924) [17][39]
o Permissive Regular Expression vulnerability in OpenClaw (CVE-2026-32973) [18][40]
o Reliance on Untrusted Inputs in a Security Decision vulnerability in OpenClaw (CVE-2026-32975) [19][41]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-32978) [20][42]
o Authentication Bypass by Capture-replay vulnerability in OpenClaw (CVE-2026-32987) [21][43]
o Incorrect Authorization vulnerability in OpenClaw (CVE-2026-33579) [22][44]

□ Affected Products and Remediation
Vulnerability    Product                   Affected versions                                   Fixed version
CVE-2026-22172   openclaw                  2026.3.11 and earlier                               2026.3.12
CVE-2026-28363   openclaw                  2026.2.22-2 and earlier                             2026.2.23 or later
CVE-2026-28391   openclaw                  2026.2.1 and earlier                                2026.2.2 or later
CVE-2026-28446   openclaw                  2026.2.1 and earlier                                2026.2.2 or later
CVE-2026-28466   openclaw                  earlier than 2026.2.14                              2026.2.14 or later
CVE-2026-28470   openclaw                  2026.2.1 and earlier                                2026.2.2 or later
CVE-2026-28472   openclaw                  2026.2.1 and earlier                                2026.2.2 or later
CVE-2026-28474   nextcloud-talk            2026.2.2 and earlier                                2026.2.6 or later
CVE-2026-30741   OpenClaw Agent Platform   2026.2.6 and earlier                                2026.2.6 or later
CVE-2026-32038   openclaw                  2026.2.23 and earlier                               2026.2.24 or later
CVE-2026-32913   openclaw                  2026.3.2 and earlier                                2026.3.7 or later
CVE-2026-32915   openclaw                  2026.3.8 and earlier                                2026.3.11
CVE-2026-32916   openclaw                  from 2026.3.7 up to, but not including, 2026.3.11   2026.3.11
CVE-2026-32917   openclaw                  2026.3.12 and earlier                               2026.3.13 or later
CVE-2026-32918   openclaw                  2026.3.8 and earlier                                2026.3.11
CVE-2026-32922   openclaw                  2026.3.8 and earlier                                2026.3.11
CVE-2026-32924   openclaw                  2026.3.11 and earlier                               2026.3.12
CVE-2026-32973   openclaw                  2026.3.8 and earlier                                2026.3.11
CVE-2026-32975   openclaw                  2026.3.11 and earlier                               2026.3.12
CVE-2026-32978   openclaw                  earlier than 2026.3.11                              2026.3.11
CVE-2026-32987   openclaw                  2026.3.12 and earlier                               2026.3.13 or later
CVE-2026-33579   openclaw                  2026.3.24 and earlier                               2026.3.28 or later
※ Check the reference sites listed below and apply the update [1]~[22]
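The table above mixes three range shapes ("X and earlier", "earlier than X", and a bounded range for CVE-2026-32916), and one version carries a "-2" suffix. The script below, added here as an example and not part of the KrCERT notice or the OpenClaw project, transcribes the table rows as printed and reports which CVEs are still open for an installed version. The ordering of the "-N" suffix (2026.2.22 < 2026.2.22-2 < 2026.2.23) is an assumption, as are the function names.

```python
import re

def parse_version(v):
    """'2026.2.22-2' -> (2026, 2, 22, 2); a missing '-N' suffix counts as 0 (assumed ordering)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    return tuple(int(x or 0) for x in m.groups())

# Rows transcribed from the advisory table, as printed:
# (CVE, product, lower bound inclusive or None, upper bound, upper bound inclusive?, fixed version)
ROWS = [
    ("CVE-2026-22172", "openclaw", None, "2026.3.11", True, "2026.3.12"),
    ("CVE-2026-28363", "openclaw", None, "2026.2.22-2", True, "2026.2.23"),
    ("CVE-2026-28391", "openclaw", None, "2026.2.1", True, "2026.2.2"),
    ("CVE-2026-28446", "openclaw", None, "2026.2.1", True, "2026.2.2"),
    ("CVE-2026-28466", "openclaw", None, "2026.2.14", False, "2026.2.14"),
    ("CVE-2026-28470", "openclaw", None, "2026.2.1", True, "2026.2.2"),
    ("CVE-2026-28472", "openclaw", None, "2026.2.1", True, "2026.2.2"),
    ("CVE-2026-28474", "nextcloud-talk", None, "2026.2.2", True, "2026.2.6"),
    ("CVE-2026-30741", "OpenClaw Agent Platform", None, "2026.2.6", True, "2026.2.6"),
    ("CVE-2026-32038", "openclaw", None, "2026.2.23", True, "2026.2.24"),
    ("CVE-2026-32913", "openclaw", None, "2026.3.2", True, "2026.3.7"),
    ("CVE-2026-32915", "openclaw", None, "2026.3.8", True, "2026.3.11"),
    ("CVE-2026-32916", "openclaw", "2026.3.7", "2026.3.11", False, "2026.3.11"),
    ("CVE-2026-32917", "openclaw", None, "2026.3.12", True, "2026.3.13"),
    ("CVE-2026-32918", "openclaw", None, "2026.3.8", True, "2026.3.11"),
    ("CVE-2026-32922", "openclaw", None, "2026.3.8", True, "2026.3.11"),
    ("CVE-2026-32924", "openclaw", None, "2026.3.11", True, "2026.3.12"),
    ("CVE-2026-32973", "openclaw", None, "2026.3.8", True, "2026.3.11"),
    ("CVE-2026-32975", "openclaw", None, "2026.3.11", True, "2026.3.12"),
    ("CVE-2026-32978", "openclaw", None, "2026.3.11", False, "2026.3.11"),
    ("CVE-2026-32987", "openclaw", None, "2026.3.12", True, "2026.3.13"),
    ("CVE-2026-33579", "openclaw", None, "2026.3.24", True, "2026.3.28"),
]

def is_affected(installed, lower, upper, upper_inclusive):
    """Apply one table row's range: optional inclusive lower bound, inclusive or exclusive upper bound."""
    v = parse_version(installed)
    if lower is not None and v < parse_version(lower):
        return False
    u = parse_version(upper)
    return v <= u if upper_inclusive else v < u

def open_cves(product, installed):
    """CVEs from the table still open on `installed`, paired with the version the advisory names as fixed."""
    return [(cve, fixed) for cve, prod, lo, up, inc, fixed in ROWS
            if prod == product and is_affected(installed, lo, up, inc)]
```

Run `open_cves("openclaw", "<installed version>")`; an empty list means no row of this advisory applies, and the second element of each tuple is the version to move to.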

□ References
[1] https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8
[2] https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78
[3] https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q
[4] https://github.com/openclaw/openclaw/security/advisories/GHSA-4rj2-gpmh-qq5x
[5] https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
[6] https://github.com/openclaw/openclaw/security/advisories/GHSA-3hcm-ggvf-rch5
[7] https://github.com/openclaw/openclaw/security/advisories/GHSA-rv39-79c4-7459
[8] https://github.com/openclaw/openclaw/security/advisories/GHSA-r5h9-vjqc-hq3r
[9] https://github.com/advisories/GHSA-rvp5-mqmc-q4g6
[10] https://github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9
[11] https://github.com/openclaw/openclaw/security/advisories/GHSA-6mgf-v5j7-45cr
[12] https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff
[13] https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728
[14] https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275
[15] https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8
[16] https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc
[17] https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8
[18] https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m
[19] https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w
[20] https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53
[21] https://github.com/openclaw/openclaw/security/advisories/GHSA-63f5-hhc7-cx6p
[22] https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497
[23] https://nvd.nist.gov/vuln/detail/CVE-2026-22172
[24] https://nvd.nist.gov/vuln/detail/CVE-2026-28363
[25] https://nvd.nist.gov/vuln/detail/CVE-2026-28391
[26] https://nvd.nist.gov/vuln/detail/CVE-2026-28446
[27] https://nvd.nist.gov/vuln/detail/CVE-2026-28466
[28] https://nvd.nist.gov/vuln/detail/CVE-2026-28470
[29] https://nvd.nist.gov/vuln/detail/CVE-2026-28472
[30] https://nvd.nist.gov/vuln/detail/CVE-2026-28474
[31] https://nvd.nist.gov/vuln/detail/CVE-2026-30741
[32] https://nvd.nist.gov/vuln/detail/CVE-2026-32038
[33] https://nvd.nist.gov/vuln/detail/CVE-2026-32913
[34] https://nvd.nist.gov/vuln/detail/CVE-2026-32915
[35] https://nvd.nist.gov/vuln/detail/CVE-2026-32916
[36] https://nvd.nist.gov/vuln/detail/CVE-2026-32917
[37] https://nvd.nist.gov/vuln/detail/CVE-2026-32918
[38] https://nvd.nist.gov/vuln/detail/CVE-2026-32922
[39] https://nvd.nist.gov/vuln/detail/CVE-2026-32924
[40] https://nvd.nist.gov/vuln/detail/CVE-2026-32973
[41] https://nvd.nist.gov/vuln/detail/CVE-2026-32975
[42] https://nvd.nist.gov/vuln/detail/CVE-2026-32978
[43] https://nvd.nist.gov/vuln/detail/CVE-2026-32987
[44] https://nvd.nist.gov/vuln/detail/CVE-2026-33579

□ Contact
o Korea Internet & Security Agency (KISA) Cyber Civil Complaint Center: 118 (no area code required)

□ Prepared by: AI Vulnerability Response Team, Threat Response Division

<For details and attachments, see the post on the [Internet Bohonara KrCERT Security Notice] site below.>