Christine Lemmer-WebberOpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
By the way, I encourage browsing through the CVEs reported https://nvd.nist.gov/vuln/search#/nvd/home?keyword=openclaw&resultType=records
These are by and large not minor CVEs.
vv π« [follow my new artist profile!]@cwebber the more CVEs a project has, the more Web Scale it is
Henrik Pauli
Mongodb Mongodb Is Web Scale GIF - Mongodb Mongodb is web scale Fourth wall break - Discover & Share GIFs
Click to view the GIF
Hugo Mills
Diane
Luna, π for short. πΊπ¦@cwebber I mean you could make an argument that the CVE s dont matter given the target audience of openclaw 
@lunathemoongirl Indeed, OpenClaw is a CVE
@cwebber why bother exploiting the program when i can ask the Aiagent to please hand over all the keys and password 
solo