OpenClaw Hit by Two New CVEs — CVE-2026-45006 (CVSS 7.7) Gateway Config Bypass and CVE-2026-45004
If you’re running OpenClaw, stop reading this intro and go patch. Two new high-severity CVEs were disclosed today for OpenClaw, and one of them — CVE-2026-45006 — is particularly nasty: a gateway config bypass that lets compromised models persistently modify the platform’s command execution rules, network behaviors, stored credentials, and operator policies. Here’s what you need to know. CVE-2026-45006 (CVSS 7.7) — Gateway Config Bypass Severity: High (CVSS 7.7) Fixed in: OpenClaw 2026.4.23 (commit bceda60) Affected versions: All versions prior to 2026.4.23 ...