Tags: software patch

OpenClaw patch tackles critical flaw that could hand attackers full admin control

OpenClaw, the AI‑driven automation tool that has amassed over 347,000 GitHub stars since its November debut, received emergency patches this week for three high‑severity bugs. The most dangerous, CVE‑2026‑33579, scores between 8.1 and 9.8 out of 10 and lets a low‑level pairing credential silently elevate to full administrative rights, giving a malicious actor unrestricted access to the host’s files, accounts and connected services.

OpenClaw AI Agent Faces Critical WebSocket Password Flaw, Patch Issued

Security researchers at Oasis uncovered a high‑severity vulnerability in the popular open‑source OpenClaw AI agent. The flaw lets a malicious website open a local WebSocket connection and brute‑force the gateway password, granting full control over the system. OpenClaw’s core gateway, which handles authentication for connected nodes, is exposed to localhost and can be compromised without any plugins or prior infection. A fix was released within 24 hours, and users are urged to upgrade to version 2026.2.25 or later.