Claw Chain Vulnerabilities in OpenClaw Could Lead to Data Theft and Privilege Escalation.

Researchers from Cyera disclosed four vulnerabilities in OpenClaw, collectively referred to as “Claw Chain.” These vulnerabilities affect all OpenClaw versions prior to the patch released on April 23, 2026. They could be chained together to steal data, plant backdoors, and gain high-level control over affected systems. The report stated that approximately 65,000 to 180,000 OpenClaw servers are exposed to the public internet. This puts organizations using OpenClaw to connect with internal data, enterprise systems, or customer service environments at high risk.

The most severe vulnerability is CVE-2026-44112, with a CVSS score of 9.6. It is a timing issue in the OpenShell sandbox that could allow attackers to escape the sandbox boundary and plant a backdoor. Another vulnerability, CVE-2026-44113, with a CVSS score of 7.7, involves symbolic link file path manipulation that could expose restricted system files. CVE-2026-44115, with a CVSS score of 8.8, could lead to the leakage of sensitive information such as internal settings, API keys, and password tokens due to insufficient command validation before execution. CVE-2026-44118, with a CVSS score of 7.8, could allow local processes to bypass authentication checks and obtain owner-level privileges.

If these vulnerabilities are exploited together, attackers could use an AI agent as an initial access point to read sensitive information, escalate privileges, and establish persistence within the system. The resulting activity may appear similar to normal agent behavior, making detection more difficult. OpenClaw released patches for these vulnerabilities on April 23, 2026. Users should update immediately and consider rotating passwords, keys, and related credentials, as sensitive information may already have been accessed if the system was previously exposed to the internet.

Source: https://hackread.com/claw-chain-vulnerabilities-openclaw-ai-servers-risk/