Patch

If you’re running OpenClaw on any version before 2026.3.28, stop reading and go update. Right now. We’ll be here when you get back. For everyone else: here’s what happened, why it’s serious, and exactly how to verify you’re protected against two freshly disclosed critical vulnerabilities: CVE-2026-33579 and CVE-2026-34426. What Are These Vulnerabilities? CVE-2026-33579 — Privilege Escalation via /pair approve (CVSS 8.1–9.8) This is the big one. Rated between 8.1 and 9.8 out of 10 on the CVSS scale, CVE-2026-33579 allows an attacker who holds operator.pairing scope — the lowest meaningful permission in an OpenClaw deployment — to silently approve device pairing requests that ask for operator.admin scope. ...

A newly disclosed vulnerability in OpenClaw — tracked as CVE-2026-32979 — allows attackers to execute arbitrary code by modifying local scripts during the window between user approval and actual execution. If you’re running OpenClaw before version 2026.3.11, you should patch immediately. The Vulnerability OpenClaw’s security model relies on a human approval step before executing certain commands, particularly those flagged as elevated or potentially destructive. This approval mechanism is central to the framework’s safety guarantees — it’s how the system ensures a human is in the loop before sensitive operations run. ...

If you’re running OpenClaw and haven’t updated recently, stop what you’re doing and check your version. A newly disclosed vulnerability — CVE-2026-32895 — allows an attacker with basic access to bypass the authorization controls that keep your Slack DM allowlists and per-channel user restrictions intact. The fix is in version 2026.2.26 and later. If you’re not there, you’re exposed. What’s Vulnerable The flaw lives in OpenClaw’s system event handlers for two subtypes: member and message. These handlers process events like message_changed, message_deleted, and thread_broadcast — normal Slack plumbing that OpenClaw routes and acts on. ...

A new OpenClaw security vulnerability has been publicly disclosed. If you’re running OpenClaw, check your version right now. CVE-2026-32895 (CVSS 5.3 — Medium) affects all OpenClaw versions prior to 2026.2.26. The patch is available. There is no good reason to stay on a vulnerable version. What the Vulnerability Does The flaw is an authorization bypass in OpenClaw’s system event handlers — specifically the member and message subtype handlers. OpenClaw lets administrators restrict which users can interact with an agent via Slack DM allowlists and per-channel user allowlists. CVE-2026-32895 breaks that enforcement. An attacker who is not on a channel’s allowlist can craft and send system events that the vulnerable handlers process anyway, effectively bypassing the access controls entirely. ...

The ClawJacked vulnerability allowed malicious websites to brute-force OpenClaw’s local WebSocket gateway and silently gain admin control over your AI agents. The patch is out — but patching alone isn’t enough if your gateway is still misconfigured. This guide walks you through verification and hardening. Time required: 10–15 minutes Difficulty: Beginner–Intermediate Prerequisites: OpenClaw installed and running locally Step 1: Check Your OpenClaw Version The ClawJacked fix shipped in the latest OpenClaw release. First, confirm what version you’re running. ...

If you run OpenClaw on your local machine, here’s your mandatory security update for the week: a vulnerability named ClawJacked was quietly exploiting a gap in the local gateway WebSocket handshake — and yes, a malicious website could have used it against you while you were browsing with OpenClaw running in the background. The patch is out. Here’s what happened and what you need to do. What Is ClawJacked? ClawJacked is the name given to a class of attack discovered by Oasis Security that targets OpenClaw’s local gateway server — the WebSocket service that runs on localhost to connect your browser to your AI agents. ...

OpenClaw Security Crisis: Six CVEs Patched, 40K Instances Exposed, and NanoClaw Rises Today is a tough day for OpenClaw’s security reputation — and an important one for anyone running the framework. Three interconnected stories broke simultaneously, painting a picture of an ecosystem under pressure: six newly-disclosed vulnerabilities, 40,000+ publicly exposed instances, and the rapid rise of a minimalist, security-first alternative called NanoClaw. Here’s the full picture, and what you need to do right now. ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...

If you’re running OpenClaw and haven’t patched to 2026.2.21-1 yet, stop what you’re doing. There’s a high-severity vulnerability — GHSA-mr32-vwc2-5j6h — that you need to know about. What’s the Vulnerability? The flaw lives in OpenClaw’s Browser Relay: specifically, the /cdp WebSocket endpoint that powers browser control features. Prior to the patch, this endpoint had no authentication token requirement. That means any process running locally — or any attacker who can reach your machine — could connect to the CDP WebSocket without proving who they are. ...