Christine Lemmer-Webber1d ago

OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/

That's... wow. New high score!

OpenClaw CVE Tracker — Intruder

Tracking days since the last OpenClaw CVE, because apparently that's a full-time job.

Show threadChristine Lemmer-Webber1d ago

OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579

Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849

Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/

Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!

NVD - CVE-2026-33579

Show threadChristine Lemmer-Webber1d ago

By the way, I encourage browsing through the CVEs reported https://nvd.nist.gov/vuln/search#/nvd/home?keyword=openclaw&resultType=records

These are by and large not minor CVEs.

NVD - Search and Statistics

Show threadvv 💫 [follow my new artist profile!]1d ago
@cwebber the more CVEs a project has, the more Web Scale it is
Show threadHenrik Pauli1d ago
@vv @cwebber https://tenor.com/h1iAp0cylbl.gif
Mongodb Mongodb Is Web Scale GIF - Mongodb Mongodb is web scale Fourth wall break - Discover & Share GIFs

Click to view the GIF

Tenor
Show threadvv 💫 [follow my new artist profile!]1d ago
@phl @cwebber yep, this is what i was thinking of, haha
Show threadHenrik Pauli
@vv @cwebber It lives rent free in our heads all these years later :D
Apr 4 at 5:57pmTusky
Show threadvv 💫 [follow my new artist profile!]1d ago
@phl @cwebber i can't bring myself to watch it because the voice is so annoying