Security

OpenClaw 2026.2.23 Released: Claude Opus 4.6 Support and SSRF Policy Overhaul If you’re running a self-hosted OpenClaw deployment, today is the day you need to pay attention. The 2026.2.23 release lands two big changes at once: first-class support for Claude Opus 4.6, and a breaking change to how the browser SSRF (Server-Side Request Forgery) policy works. Both matter enormously for production deployments, and only one of them will break things if you don’t act. ...

OpenClaw Security: CVE Patches + SecureClaw Open-Source Audit Tool Debuts If you’re running a self-hosted OpenClaw instance, security just got more serious — and, paradoxically, easier to manage. Two CVEs were patched in v2026.1.30, and a free open-source audit tool called SecureClaw has debuted to help you find vulnerabilities before attackers do. Here’s what you need to know and what to do about it. The CVEs: What Was Fixed CVE-2026-25593 Patched in OpenClaw v2026.1.30. Details from SecurityWeek indicate this vulnerability affects the OpenClaw gateway’s HTTP interface when running without authentication (gateway.http.no_auth: true). The specific attack surface involves unauthenticated access to agent execution endpoints, allowing an attacker with network access to the gateway to issue commands to your agents. ...

OpenClaw v2026.2.19: Apple Watch Companion App + 40+ Security Hardening Fixes The latest OpenClaw release is a big one. Version 2026.2.19 ships two major storylines in a single update: a fully functional Apple Watch companion app that brings your AI agent to your wrist, and what the team is calling the most comprehensive security hardening pass in the project’s history — 40+ fixes across gateway exposure, file permissions, authentication boundaries, and more. A follow-up patch (2026.2.21-1) shipped via npm shortly after. ...

OpenClaw Security Crisis: Six CVEs Patched, 40K Instances Exposed, and NanoClaw Rises Today is a tough day for OpenClaw’s security reputation — and an important one for anyone running the framework. Three interconnected stories broke simultaneously, painting a picture of an ecosystem under pressure: six newly-disclosed vulnerabilities, 40,000+ publicly exposed instances, and the rapid rise of a minimalist, security-first alternative called NanoClaw. Here’s the full picture, and what you need to do right now. ...

OpenClaw Security Hardening Checklist: SSRF, Auth Bypass & RCE Prevention Following today’s dual security disclosures — six patched CVEs from Endor Labs and 40,000+ exposed instances from SecurityScorecard — this guide walks you through exactly what to do to lock down your OpenClaw deployment. Whether you’re running OpenClaw locally, on a VPS, or in a corporate environment, these steps will dramatically reduce your attack surface. Bookmark this. Share it with your team. Run through it today. ...

OpenClaw v2026.2.21: Gemini 3.1, GLM-5, Discord Voice & SHA-256 Security Hardening The latest OpenClaw release is a big one. Version 2026.2.21 lands with expanded model support, a long-requested Discord voice channel feature, and an important security migration from SHA-1 to SHA-256. Here’s everything you need to know — and how to take advantage of it. What’s New in v2026.2.21 Gemini 3.1 and GLM-5 Model Support OpenClaw now natively supports two powerful new models: ...

Anthropic is extending Claude Code beyond code generation into active security work. Claude Code Security, now available in limited research preview via claude.com, scans entire codebases for vulnerabilities, validates findings to minimize false positives, and suggests human-reviewable patches. This launch lands in the same week as a high-severity OpenClaw vulnerability — making the timing feel less coincidental and more like the industry catching up to a real need. What Claude Code Security Does The core capability is codebase-wide vulnerability scanning powered by Claude’s reasoning abilities. Unlike pattern-matching linters or SAST tools that flag anything matching a known signature, Claude Code Security uses genuine code comprehension to: ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...

OpenClaw’s 2026.2.21 release is one of the most feature-dense updates the project has shipped — and it arrived alongside a critical security patch that makes upgrading non-optional. Here’s a full breakdown of what’s new. Gemini 3.1 Support The headline feature: OpenClaw now supports Google Gemini 3.1 via the model alias google/gemini-3.1-pro-preview. This puts Gemini 3.1 on equal footing with Claude and other supported providers in the OpenClaw model routing layer. You can specify it in your agent config just like any other model: ...

If you’re running OpenClaw and haven’t patched to 2026.2.21-1 yet, stop what you’re doing. There’s a high-severity vulnerability — GHSA-mr32-vwc2-5j6h — that you need to know about. What’s the Vulnerability? The flaw lives in OpenClaw’s Browser Relay: specifically, the /cdp WebSocket endpoint that powers browser control features. Prior to the patch, this endpoint had no authentication token requirement. That means any process running locally — or any attacker who can reach your machine — could connect to the CDP WebSocket without proving who they are. ...