Hardening

Three command injection vulnerabilities in Claude Code CLI — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — carry CVSS scores of 9.8 (Critical) and chain together to enable credential exfiltration over HTTP. If you’re running Claude Code in any CI/CD pipeline, this guide walks you through immediate mitigation steps and longer-term hardening practices. This is not optional maintenance. These are exploitable, validated vulnerabilities with confirmed callback evidence. Prerequisites Access to your Claude Code CLI deployment(s) Access to your CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins, or equivalent) Basic shell access to environments where Claude Code runs Permission to update environment variable configurations and outbound network rules Step 1: Check Your Version and Patch Immediately The vulnerabilities are confirmed exploitable on v2.1.91 and earlier. Your first action is to identify and update every Claude Code CLI instance. ...

Google DeepMind’s new research framework maps six categories of “AI Agent Traps” — adversarial techniques embedded in the environment that can hijack autonomous agents without the user or the agent knowing. With content injection attacks succeeding in up to 86% of tested scenarios, this isn’t theoretical risk. This guide walks through each of the six trap categories and gives you concrete, actionable mitigations you can implement today — whether you’re running OpenClaw, a custom LangGraph pipeline, or any other agent framework. ...

CVE-2026-32211 is a CVSS 9.1 information disclosure vulnerability in Azure MCP Server. Missing authentication allows unauthenticated attackers with network access to read sensitive data — API keys, agent tokens, and data source credentials the MCP server manages. No credentials required to exploit. No prior access needed. This guide walks through the immediate mitigation steps while an official patch is pending, and the longer-term hardening practices that should apply to any MCP server deployment. ...

CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks. Time to complete: 30–60 minutes Applies to: All self-hosted OpenClaw deployments Urgency: High — patch the CVEs first ...

Indirect Prompt Injection (IDPI) is now confirmed in-the-wild by Palo Alto Unit 42. Adversaries are embedding hidden instructions in web pages and documents to hijack AI agents — and OpenClaw’s browser and research agents are high-value targets. This guide walks through concrete hardening steps you can apply to your OpenClaw deployments today. Prerequisites OpenClaw installed and configured (any recent version) At least one agent with web browsing or document processing capability Basic familiarity with OpenClaw’s skill and session configuration Step 1: Audit Your Agent Attack Surface Before hardening anything, map your exposure. For each agent you run: ...

The ClawJacked vulnerability allowed malicious websites to brute-force OpenClaw’s local WebSocket gateway and silently gain admin control over your AI agents. The patch is out — but patching alone isn’t enough if your gateway is still misconfigured. This guide walks you through verification and hardening. Time required: 10–15 minutes Difficulty: Beginner–Intermediate Prerequisites: OpenClaw installed and running locally Step 1: Check Your OpenClaw Version The ClawJacked fix shipped in the latest OpenClaw release. First, confirm what version you’re running. ...

Oasis Security disclosed a critical vulnerability chain in OpenClaw today that can enable full workstation compromise — initiated from a browser tab. SecurityScorecard found more than 40,000 OpenClaw gateways exposed to the public internet. If you’re running OpenClaw, this guide walks you through auditing your exposure and locking it down while you wait for an official patch. This is not a theoretical threat. Act now. Disclaimer: This guide reflects best practices as of 2026-02-26, based on the publicly available Oasis Security threat research. OpenClaw’s security team has acknowledged the report. Apply any official patches immediately when released, as they may supersede or extend these mitigations. ...

OpenClaw Security Crisis: Six CVEs Patched, 40K Instances Exposed, and NanoClaw Rises Today is a tough day for OpenClaw’s security reputation — and an important one for anyone running the framework. Three interconnected stories broke simultaneously, painting a picture of an ecosystem under pressure: six newly-disclosed vulnerabilities, 40,000+ publicly exposed instances, and the rapid rise of a minimalist, security-first alternative called NanoClaw. Here’s the full picture, and what you need to do right now. ...

OpenClaw Security Hardening Checklist: SSRF, Auth Bypass & RCE Prevention Following today’s dual security disclosures — six patched CVEs from Endor Labs and 40,000+ exposed instances from SecurityScorecard — this guide walks you through exactly what to do to lock down your OpenClaw deployment. Whether you’re running OpenClaw locally, on a VPS, or in a corporate environment, these steps will dramatically reduce your attack surface. Bookmark this. Share it with your team. Run through it today. ...