Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

By Ravie Lakshmanan, May 15, 2026. Category: Vulnerability / AI Security


What’s new: Four vulnerabilities in OpenClaw, collectively named Claw Chain, have been disclosed. These flaws can be exploited to achieve data theft, privilege escalation, and persistence. The vulnerabilities include CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118, with CVSS scores ranging from 7.7 to 9.6. They allow attackers to bypass sandbox restrictions, execute unapproved commands, and impersonate owners to gain elevated privileges.

Who’s affected

Users of OpenClaw versions prior to 2026.4.22 are at risk. The vulnerabilities can be exploited in environments where OpenShell is used, particularly if malicious plugins or compromised inputs are present.

What to do

  • Update to OpenClaw version 2026.4.22 or later to mitigate the vulnerabilities.
  • Review and monitor configurations for any unauthorized changes or suspicious activity.
  • Implement additional security measures to detect and prevent exploitation attempts.
