OpenClaw public-facing RCE exposure with public exploit code remote code execution flaw
Vulnerability
Summary
Hide ▲
Show ▼
OpenClaw deployments exposed to the public internet face RCE risk, with 12,812 instances reportedly exploitable and public exploit code available. SecurityScorecard found 40,214 exposed instances tied to 28,663 unique IP addresses, and said the figure is still rising. The exposure is concentrated in China, the US, and Singapore, with information services the most impacted sector. Attackers could gain full access to systems the agent can interact with and abuse prompt injection or leaked API keys to widen the blast radius.
Related Happenings
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive Guidance
H score11
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive GuidanceAbout this happening: OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
Sentry agentjacking analysis shows malicious error events can trigger AI coding agents
Technical Analysis
H score38
First: 11.06.2026 12:15
Last: 11.06.2026 12:15
Sources 1
About this happening:
Researchers described **Agentjacking** as a new attack against **AI coding agents** that abuses **Sentry DSNs** and **MCP** to inject fake error data, causing agents like **Claude...
Sentry agentjacking analysis shows malicious error events can trigger AI coding agents
Technical AnalysisAbout this happening: Researchers described **Agentjacking** as a new attack against **AI coding agents** that abuses **Sentry DSNs** and **MCP** to inject fake error data, causing agents like **Claude...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/Mitigation
H score25
First: 20.05.2026 01:25
Last: 20.05.2026 01:25
Sources 1
About this happening:
**HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/MitigationAbout this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
H score25
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/ServiceAbout this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
Timeline
-
09.02.2026 11:30 2 articles · 5mo ago
OpenClaw public-facing exposure and RCE findings
Technical Analysis UpdateSecurityScorecard warned that OpenClaw, formerly Clawdbot and Moltbot, has 40,214 public-facing instances across 28,663 unique IP addresses, with 12,812 instances reportedly exploitable via remote code execution and 63% of observed deployments vulnerable. The analysis also says 549 exposed instances correlate with prior breach activity, 1,493 with known vulnerabilities, three high-severity CVEs have public exploit code, exposure is concentrated in China, the US and Singapore, information services is the most impacted industry, and some OpenClaw deployments face indirect prompt injection and leaked API key risk.
Show sources
- Researchers Find 40,000+ Exposed OpenClaw Instances — www.infosecurity-magazine.com — 09.02.2026 11:30
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35
-
08.02.2026 09:32 2 articles · 5mo ago
OpenClaw adds VirusTotal scanning for ClawHub skills
Mitigation Patch UpdateOpenClaw partners with Google-owned VirusTotal to scan every skill uploaded to ClawHub using SHA-256 hashes and VirusTotal Code Insight, automatically approving benign bundles, flagging suspicious ones, and blocking malicious downloads; the security update also references a now-patched one-click remote code execution flaw that could leak the Gateway Control UI authentication token and enable arbitrary commands on the host.
Show sources
- OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills — thehackernews.com — 08.02.2026 09:32
- Researchers Reveal Six New OpenClaw Vulnerabilities — www.infosecurity-magazine.com — 19.02.2026 12:00