InfoSecBulletin Cybersecurity for mankind
A series of four security flaws found in OpenClaw, a rapidly growing open-source platform for self-operating AI agents, has put about 245,000 public server instances at risk of being hacked, having credentials stolen, and being installed with secret backdoors.
Originally started as “Clawdbot” in late 2025, OpenClaw links big language models to files, SaaS apps, user accounts, and working environments.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
Claw Chain OpenClaw Vulnerabilities
CVE-2026-44112 (CVSS 9.6 – Critical): A flaw in the OpenShell sandbox lets attackers change where data is written, which can allow them to alter settings and install hidden access on the host.
CVE-2026-44115 (CVSS 8.8 – High): A flaw in OpenClaw’s command checks and shell running lets environment variables — like API keys, tokens, and passwords — to escape through unquoted heredocs that seem safe during checks.
CVE-2026-44118 (CVSS 7.8 – High): OpenClaw trusts a flag from the client (senderIsOwner) without checking the user’s session. This lets a local process with a valid token gain owner-level control over the gateway setup, scheduling, and management.
CVE-2026-44113 (CVSS 7.7 – High): The same TOCTOU race condition pattern in read operations lets attackers swap validated file paths with symbolic links pointing outside the allowed mount root, exposing system files and internal artifacts the agent was never meant to access.
Shodan and ZoomEye scans from May 2026 show around 65,000 and 180,000 OpenClaw instances that anyone can access. This adds up to about 245,000 open servers.
Organizations using OpenClaw need to consider this as very important:
Patch immediately by applying the April 23, 2026, fixes covering GHSA-5h3g-6xhh-rg6p, GHSA-wppj-c6mr-83jj, GHSA-r6xh-pqhr-v4xh, and GHSA-x3h8-jrgh-p8jx.
Rotate all secrets — assume any environment variable or credential reachable by OpenClaw processes may already be compromised.
Identify exposed instances using Shodan scans or internal asset inventory and place them behind authentication or firewall controls.
Audit agent access and treat OpenClaw deployments as privileged identities subject to the same lifecycle controls as service accounts.
