Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed four vulnerabilities in the OpenClaw platform, collectively known as Claw Chain. These flaws can lead to data theft, privilege escalation, and persistent control over systems using AI agents. The most critical vulnerability has a CVSS score of 9.6 and allows attackers to escape sandbox restrictions.
- The vulnerabilities are tracked as CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118.
- CVE-2026-44112 allows attackers to redirect writes outside the intended sandbox boundary, posing significant risks.
- The flaws can be exploited to achieve sensitive data exposure and owner-level privilege escalation.
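The second bullet describes the failure mode at the heart of the most severe flaw: a write that an agent believes is confined to its sandbox ends up somewhere else. The page gives no detail on how OpenClaw enforces its boundary, so the following is an added, generic illustration of the check a defender would want in any agent file-write tool, not OpenClaw's code: the requested path is resolved (including symlinks) and rejected unless it remains under the sandbox root, and the final open refuses to follow a symlink. The `run_demo` scenario, the `sandbox`/`outside` directories and the planted `escape` symlink are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


class SandboxEscape(Exception):
    """Raised when a requested path would resolve outside the sandbox root."""


def resolve_in_sandbox(root: str, requested: str) -> Path:
    """Map an agent-supplied path to an absolute path inside `root`.

    Rejects absolute paths, '..' traversal and symlinks pointing outside,
    because the check is done on the fully resolved path, not on the string.
    """
    root_path = Path(root).resolve(strict=True)
    # Joining an absolute `requested` discards `root`; relative_to() below
    # then rejects the result, so absolute paths are blocked as well.
    candidate = (root_path / requested).resolve(strict=False)
    try:
        candidate.relative_to(root_path)
    except ValueError:
        raise SandboxEscape(
            f"{requested!r} resolves to {candidate}, outside {root_path}"
        ) from None
    return candidate


def sandboxed_write(root: str, requested: str, data: bytes) -> Path:
    """Write `data` only if the resolved target stays inside the sandbox."""
    target = resolve_in_sandbox(root, requested)
    target.parent.mkdir(parents=True, exist_ok=True)
    # O_NOFOLLOW refuses a symlink planted at the final component between
    # the check above and the open (not available on every platform).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def run_demo() -> dict:
    """Constructed scenario: a sandbox dir plus a symlink that points outside it.

    Returns a map of requested path -> 'allowed' or 'blocked'.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside"
        outside.mkdir()
        sandbox = Path(tmp) / "sandbox"
        sandbox.mkdir()
        # Constructed: a symlink inside the sandbox pointing at a directory outside it.
        (sandbox / "escape").symlink_to(outside)
        requests = {
            "notes/todo.txt": b"ok",            # legitimate write
            "../outside/secret.txt": b"x",      # traversal
            "escape/secret.txt": b"x",          # symlink escape
            "/abs.txt": b"x",                   # absolute path
        }
        for req, data in requests.items():
            try:
                sandboxed_write(str(sandbox), req, data)
                results[req] = "allowed"
            except SandboxEscape:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for req, outcome in run_demo().items():
        print(f"{outcome:8} {req}")
```

The point of resolving before comparing is that string-based checks (rejecting `..`, for instance) do not see a symlink that an earlier, seemingly harmless write planted inside the sandbox; only the resolved path does.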
Vulert, posted on May 18, originally published at vulert.com. Four OpenClaw flaws have been disclosed by cybersecurity researchers, exposing serious risks in AI-agent environments where autonomous systems can access files, credentials, execution tools, and enterprise workflows.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to.