AI/ML

4 vulnerabilities in OpenClaw AI agent put thousands of servers at risk

(Credit: sdx15 – stock.adobe.com)

A collection of four security vulnerabilities discovered in the popular autonomous AI agent OpenClaw has put thousands of servers at risk, according to a recent report by HackRead.

The vulnerabilities, collectively known as Claw Chain, were found by security experts at Cyera and affect all versions of OpenClaw released before April 23, 2026. The most critical flaw, CVE-2026-44112, has a severity score of 9.6 out of 10 and allows attackers to bypass security boundaries and install permanent backdoors. This can be combined with other high-severity vulnerabilities, such as CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118, to steal private data, swap safe file paths with symbolic links, leak sensitive information like API keys, and bypass identity checks to gain administrator access.

These flaws enable cybercriminals to use AI agents as undetectable tools for accessing internal systems. With an estimated 65,000 to 180,000 OpenClaw servers publicly accessible in May 2026, businesses may face significant risks. Patches were released on April 23, 2026, and immediate updates and password changes are recommended.

Source: HackRead

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds