Cve

A new critical vulnerability in OpenClaw — tracked as CVE-2026-32971 — allows attackers to obtain human approval for a benign-looking command while executing an entirely different, malicious payload. If you’re running OpenClaw before version 2026.3.11, patch now. The Vulnerability CVE-2026-32971 is a flaw in how OpenClaw’s node-host system.run approval mechanism displays shell commands to users. When the approval dialog is triggered, OpenClaw extracts and displays only a subset of the shell payload — the portion it considers “representative” — rather than the full argv that will actually be executed. ...

A newly disclosed vulnerability in OpenClaw — tracked as CVE-2026-32979 — allows attackers to execute arbitrary code by modifying local scripts during the window between user approval and actual execution. If you’re running OpenClaw before version 2026.3.11, you should patch immediately. The Vulnerability OpenClaw’s security model relies on a human approval step before executing certain commands, particularly those flagged as elevated or potentially destructive. This approval mechanism is central to the framework’s safety guarantees — it’s how the system ensures a human is in the loop before sensitive operations run. ...

Two critical security vulnerabilities in OpenClaw were publicly disclosed today, and if you’re running any version older than 2026.3.11, you need to patch immediately. Both CVEs involve sandbox escape — the ability for a subagent running in an isolated context to break out and access session state it shouldn’t be able to see or modify. This isn’t theoretical. The CVSS score for CVE-2026-32918 is 8.4 (High), and the attack path is alarmingly accessible. ...

If you’re running OpenClaw and haven’t updated recently, stop what you’re doing and check your version. A newly disclosed vulnerability — CVE-2026-32895 — allows an attacker with basic access to bypass the authorization controls that keep your Slack DM allowlists and per-channel user restrictions intact. The fix is in version 2026.2.26 and later. If you’re not there, you’re exposed. What’s Vulnerable The flaw lives in OpenClaw’s system event handlers for two subtypes: member and message. These handlers process events like message_changed, message_deleted, and thread_broadcast — normal Slack plumbing that OpenClaw routes and acts on. ...

A new OpenClaw security vulnerability has been publicly disclosed. If you’re running OpenClaw, check your version right now. CVE-2026-32895 (CVSS 5.3 — Medium) affects all OpenClaw versions prior to 2026.2.26. The patch is available. There is no good reason to stay on a vulnerable version. What the Vulnerability Does The flaw is an authorization bypass in OpenClaw’s system event handlers — specifically the member and message subtype handlers. OpenClaw lets administrators restrict which users can interact with an agent via Slack DM allowlists and per-channel user allowlists. CVE-2026-32895 breaks that enforcement. An attacker who is not on a channel’s allowlist can craft and send system events that the vulnerable handlers process anyway, effectively bypassing the access controls entirely. ...

If you’re running Langflow and haven’t patched yet, stop reading and go patch. Then come back. A critical vulnerability in Langflow — CVE-2026-33017 (CVSS 9.3) — enables unauthenticated remote code execution, and threat actors began exploiting it in the wild within 20 hours of public disclosure on March 20, 2026. That’s not a theoretical risk. That’s active attacks happening right now. What the Vulnerability Does The flaw lives in a single endpoint: ...

CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment. Step 1: Confirm Your Current Version Check your installed Langflow version: pip show langflow | grep Version # or if running in Docker: docker exec <container_name> pip show langflow | grep Version If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...

Security researchers dropped a cluster of critical findings today that should be on every agentic AI team’s radar. Vulnerabilities disclosed on March 17, 2026 affect three widely-used components of modern AI pipelines: Amazon Bedrock AgentCore, LangSmith, and SGLang — with the SGLang flaws scoring a maximum-tier 9.8 CVSS and allowing unauthenticated remote code execution. If your production agentic pipeline touches any of these systems, read this now. Amazon Bedrock: DNS Exfiltration Despite “No Network Access” BeyondTrust researchers revealed that Amazon Bedrock AgentCore’s Code Interpreter sandbox — marketed as network-isolated — actually permits outbound DNS queries. That’s a critical gap between what “no network access” implies and what it delivers. ...

The past week delivered one of the more ironic chapters in OpenClaw’s rapid rise: on the same day AWS rolled out a shiny one-click managed deployment on Amazon Lightsail, security researchers were busy counting the 17,500+ exposed instances sitting vulnerable to remote code execution. Welcome to the double-edged reality of viral open-source software at scale. The Good News: OpenClaw Is Now One-Click on Lightsail AWS responded to sustained customer demand by bundling OpenClaw into its Lightsail blueprint catalog — the same service that makes spinning up a WordPress blog feel trivially easy. The new blueprint ships with Amazon Bedrock pre-configured (defaulting to Claude Sonnet 4.6), automated IAM role creation via CloudShell script, and support for connecting via WhatsApp, Telegram, Slack, Discord, or web chat. ...

CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks. Time to complete: 30–60 minutes Applies to: All self-hosted OpenClaw deployments Urgency: High — patch the CVEs first ...