Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenClaw security patch release for CVE-2026-26322

Security Patch Release
First reported
Last updated
Happening score
H score 36
2 unique sources, 2 articles

Summary

Hide ▲

OpenClaw released a patch for six vulnerabilities in its agentic AI assistant, addressing SSRF, missing authentication, and path traversal flaws that could weaken request handling and access controls. The bundle includes CVE-2026-26322, CVE-2026-26319, and CVE-2026-26329, with severities ranging from moderate to high. The update matters because the flaws span multiple tools and webhook paths, creating risk across Gateway, image upload, and authentication workflows.

Related Happenings

NHS England Digital libssh2 update advisory for CVE-2026-55200

Advisory/Mitigation
H score38 First: 29.06.2026 10:06 Last: 29.06.2026 10:06 Sources 1

About this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...

Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review

Security Tool/Service
H score10 First: 20.05.2026 20:06 Last: 20.05.2026 20:06 Sources 1

About this happening: **Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
H score39 First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Cisco security patch release for CVE-2026-20184

Security Patch Release
H score44 First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
H score53 First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...

Latest development: 28.05.2026 18:26

Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.

Timeline

  1. 19.02.2026 12:00 3 articles · 4mo ago

    OpenClaw patches six vulnerabilities

    Mitigation Patch Update

    OpenClaw released fixes for six vulnerabilities in its agentic AI assistant, including CVE-2026-26322 in the Gateway tool, CVE-2026-26319 for missing Telnyx webhook authentication, and CVE-2026-26329 path traversal in browser upload, alongside SSRF and authentication issues affecting OpenClaw’s image tool, Urbit authentication, and Twilio webhook authentication.

    Show sources
  2. 19.02.2026 12:00 1 articles · 4mo ago

    Endor Labs and SecurityScorecard highlight broader OpenClaw exposure

    Technical Analysis Update

    Endor Labs said it had found seven OpenClaw vulnerabilities in total and noted three high-severity CVEs with public exploit code available, while SecurityScorecard warned that tens of thousands of misconfigured OpenClaw instances exposed to the public internet could let attackers reach sensitive corporate systems.

    Show sources