OpenClaw
-
Four OpenClaw flaws could enable data theft and persistence, researchers say
Researchers disclosed four OpenClaw flaws that could be chained for data theft, privilege escalation and persistence. The issues were fixed in version 2026.4.22, and users were advised to update.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self-hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
ClawJacked flaw let malicious websites brute-force local OpenClaw instances
A high-severity OpenClaw vulnerability called ClawJacked let malicious websites brute-force local management passwords at hundreds of guesses per second. OpenClaw issued a fix in version 2026.2.26 on February 26 to block the attack.
-
Infostealer exfiltrates OpenClaw configuration, capturing tokens and keys
Researchers found an information stealer exfiltrated OpenClaw configuration files, including gateway tokens, device keys and the agent soul file. The analysis warns this enables remote access and may prompt specialized malware modules for AI agents.
-
SecurityScorecard: 135,000-plus internet-exposed OpenClaw instances found
SecurityScorecard’s STRIKE team found more than 135,000 internet-exposed OpenClaw instances and tens of thousands vulnerable to a known RCE bug. Users are urged to restrict network bindings and limit agent access.
-
Audit finds 341 malicious skills on ClawHub marketplace
An analysis found 341 malicious skills on the ClawHub marketplace among 2,857 audited entries. The skills used fake prerequisites and scripts to deliver macOS information stealers and backdoors, creating a supply chain risk for OpenClaw users.




