Brian Greenberg 

A Meta exec threatened to fire anyone who put OpenClaw on a work laptop. That's not being paranoid either. OpenClaw just patched a flaw that allowed anyone with the lowest permission level to silently escalate to full admin. No user interaction. No second exploit needed. Just pairing access, and you own the instance. On top of that, 63% of the 135,000 internet-exposed OpenClaw instances were running with zero authentication. On those deployments, the "lowest permission" wasn't even required. Any network visitor could just walk in. 😳

🧩 The patches dropped Sunday. The CVE listing didn't come until Tuesday. Attackers had a two-day head start.

πŸ”‘ Full admin means read all connected data sources, exfiltrate stored credentials, execute arbitrary tool calls, and pivot to whatever else the agent touches. Slack. Discord. Files. Logged-in sessions. All of it.

πŸ€” The real question isn't whether OpenClaw has security problems. Every tool does. The question is whether your organization decided to hand an inherently unpredictable LLM the keys to your environment before asking who else might be able to grab them.

If you're running OpenClaw, check your pairing approval logs. Then have an honest conversation about whether the productivity trade-off still makes sense.

https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/
#Cybersecurity #AIAgents #ZeroTrust #security #privacy #cloud #infosec

Apr 6 at 2:41pmWeb
Show threadmrfoostang πŸ‡¨πŸ‡¦ 20h ago
@[email protected] @[email protected] I follow #CVEs as part of my role at work and can confirm that there has been a loooong stream of #OpenClaw CVEs every day for weeks now.

On the other hand, it is specifically called out in the docs that it should not be exposed to the internet directly. I know that doesn’t mitigate the CVEs but it certainly makes them less exploitable.