A frightening OpenClaw vulnerability has been discovered

0
2كيلو بايت

A frightening OpenClaw vulnerability has been discovered

If you've been using OpenClaw, the wildly popular AI agentic tool that took the developer community by storm, you should probably update it if you haven't done so already.

OpenClaw, as we've reported in the past, has widely known security problems. From the beginning, OpenClaw creator Peter Steinberger has warned potential users on GitHub that "There is no 'perfectly secure' setup."

Users can grant OpenClaw control over their devices and access to specific apps, local files, and logged-in accounts, allowing it to act on their behalf with full user permissions. That's the whole point of this agentic AI assistant. That's also why, as security researchers have been warning for months, it's a significant risk if something goes wrong.

Now, predictably, something went wrong.

According to Ars Technica, developers at OpenClaw patched three high-severity vulnerabilities early last week, the most serious of which — CVE-2026-33579 — scored 9.8 out of 10 on the severity scale. Researchers at AI app-builder Blink found that the flaw allowed anyone with the lowest possible level of access to silently upgrade themselves to full administrator.

Mashable Light Speed

The mechanics, as Blink described them, are straightforward. OpenClaw's device pairing system failed to verify whether the person approving an access request actually had the authority to grant the request. So, an attacker with basic pairing privileges could simply ask for admin access and approve their own request. The door was, functionally, unlocked from the inside.

Just how many users' Claw setups were vulnerable to takeover? Blink researchers reported that about 63 percent of internet-connected OpenClaw instances were running without any authentication. On those deployments, an attacker didn't even need a low-level account to get started — they could walk in off the street and work their way up to admin.

Ars Technica notes that the patch was released on Sunday, April 5, but the official CVE listing didn't appear until Tuesday. That two-day gap gave attackers who were paying attention a head start before most users would have known to update.

Blink noted that CVE-2026-33579 is the sixth pairing-related vulnerability disclosed in OpenClaw in six weeks — all variations on the same underlying design flaw in how the tool handles permissions. Each patch has addressed a specific exploit in isolation rather than rearchitecting the authorization system responsible for all of them.

If you're running OpenClaw, update to version 2026.3.28 immediately. If you were running an older version in the past week, Ars Technica and Blink both recommend treating your instance as potentially compromised and auditing your activity logs for suspicious device approvals.

Beyond that, it may be worth asking whether the productivity gains from a tool this powerful are worth the security risks that come with it.

البحث
الأقسام
إقرأ المزيد
Technology
Still building your own presentations? Let this $40 AI tool do it for you.
Still building your own presentations? Let this $40 AI tool do it for you....
بواسطة Test Blogger7 2026-04-21 10:00:19 0 1كيلو بايت
Technology
The Jackery HomePower 3600 Plus power station is massively discounted at Amazon — save over $1,000
Best portable power station deal: Save over $1,000 on Jackery HomePower 3600 Plus...
بواسطة Test Blogger7 2026-05-12 10:00:23 0 882
Technology
You can now pause forced Windows updates indefinitely, but theres a catch
Windows updates can now be paused indefinitely, but there's a catch...
بواسطة Test Blogger7 2026-04-27 11:00:11 0 977
Food
Believing This Aldi Myth Could Cost You Money
Believing This Aldi Myth Could Cost You Money...
بواسطة Test Blogger1 2026-02-27 00:00:13 0 2كيلو بايت
الألعاب
Hogwarts Legacy is free on Epic Games Store again, and tinfoil Sorting Hat on, I think it's time for a sequel reveal
Hogwarts Legacy is free on Epic Games Store again, and tinfoil Sorting Hat on, I think it's time...
بواسطة Test Blogger6 2026-05-01 16:00:24 0 955