Oberst Enzian
Christine Lemmer-WebberOpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
By the way, I encourage browsing through the CVEs reported https://nvd.nist.gov/vuln/search#/nvd/home?keyword=openclaw&resultType=records
These are by and large not minor CVEs.
vv ๐ซ [follow my new artist profile!]@cwebber the more CVEs a project has, the more Web Scale it is
Henrik Pauli
Mongodb Mongodb Is Web Scale GIF - Mongodb Mongodb is web scale Fourth wall break - Discover & Share GIFs
Click to view the GIF
Hugo Mills
Diane
Luna, ๐ for short. ๐บ๐ฆ@cwebber I mean you could make an argument that the CVE s dont matter given the target audience of openclaw 
@lunathemoongirl Indeed, OpenClaw is a CVE
@cwebber why bother exploiting the program when i can ask the Aiagent to please hand over all the keys and password 
solo
Haelwenn /ัะปะฒัะฝ/ 
@cwebber Wow, now that's LLMs being productive!
/dev/urandom@cwebber honestly, at this point i expect openclaw servers to get automatically hacked within minutes, the same way you couldn't let a windows xp sp1 machine online without having it subjected to either the malware that knocked down a system service and forced your machine to shut down after a minute or the malware that knocked down a system service and caused weird bugs to happen
Jan D
Markus Perdrizat@cwebber
OpenClaw is averaging 1.8 CVEs *PER DAY*... since day 1, i.e. November 2025, wow!
They must be popular to have so many security researchers check them out ๐ค
Snippety Snap (she/her)@cwebber
CVE = Common Vulnerabilities and Exposures, in case that helps anyone else besides me
I try to do for initialisms and acronyms what alt text does for images.
Wikipedia: "The Common Vulnerabilities and Exposures (CVE) system, originally Common Vulnerability Enumeration, provides a reference method for publicly known information-security vulnerabilities and exposures."
Thanatoid Jones@shansterable @cwebber Thank you!
Danny Boling โฎ๏ธ
disorderlyf
Turre
Seth Hanford ๐ก@cwebber Everybody: AI canโt find CVEs
OpenClaw: Bet
OpenClaw: Bet
Bernd Petrovitsch๐ด๐ด๐ดโ๏ธ๐ณ๏ธโ๐๐ฆ๐น๐ช๐บ
Ellie
lupus_blackfurThe mind boggles to consider that anyone, anywhere, at anytime expected *any* different outcome from this snake-oil hyped up malarkey laughingly characterized as "AI"...
๐คฆโโ๏ธ๐คทโโ๏ธ๐คก๐ซ๐๐๐ฉ๐ฉ
Raphael
Pat
Eloy. @ EH23@cwebber average CVSS value is a boring metric, I think this is more fun