OpenClaw security patch release for CVE-2026-26322
Security Patch Release
Summary
Hide ▲
Show ▼
OpenClaw released a patch for six vulnerabilities in its agentic AI assistant, addressing SSRF, missing authentication, and path traversal flaws that could weaken request handling and access controls. The bundle includes CVE-2026-26322, CVE-2026-26319, and CVE-2026-26329, with severities ranging from moderate to high. The update matters because the flaws span multiple tools and webhook paths, creating risk across Gateway, image upload, and authentication workflows.
Related Happenings
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/Mitigation
H score38
First: 29.06.2026 10:06
Last: 29.06.2026 10:06
Sources 1
About this happening:
**NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
NHS England Digital libssh2 update advisory for CVE-2026-55200
Advisory/MitigationAbout this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...
Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review
Security Tool/Service
H score10
First: 20.05.2026 20:06
Last: 20.05.2026 20:06
Sources 1
About this happening:
**Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...
Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review
Security Tool/ServiceAbout this happening: **Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...
Fortinet security patch release for CVE-2026-44277
Security Patch Release
H score39
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Fortinet security patch release for CVE-2026-44277
Security Patch ReleaseAbout this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Cisco security patch release for CVE-2026-20184
Security Patch Release
H score44
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Cisco security patch release for CVE-2026-20184
Security Patch ReleaseAbout this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
H score53
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch ReleaseAbout this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...
Latest development: 28.05.2026 18:26
Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.
Timeline
-
19.02.2026 12:00 3 articles · 4mo ago
OpenClaw patches six vulnerabilities
Mitigation Patch UpdateOpenClaw released fixes for six vulnerabilities in its agentic AI assistant, including CVE-2026-26322 in the Gateway tool, CVE-2026-26319 for missing Telnyx webhook authentication, and CVE-2026-26329 path traversal in browser upload, alongside SSRF and authentication issues affecting OpenClaw’s image tool, Urbit authentication, and Twilio webhook authentication.
Show sources
- Researchers Reveal Six New OpenClaw Vulnerabilities — www.infosecurity-magazine.com — 19.02.2026 12:00
- Researchers Reveal Six New OpenClaw Vulnerabilities — www.infosecurity-magazine.com — 19.02.2026 12:00
- ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket — thehackernews.com — 28.02.2026 19:21
-
19.02.2026 12:00 1 articles · 4mo ago
Endor Labs and SecurityScorecard highlight broader OpenClaw exposure
Technical Analysis UpdateEndor Labs said it had found seven OpenClaw vulnerabilities in total and noted three high-severity CVEs with public exploit code available, while SecurityScorecard warned that tens of thousands of misconfigured OpenClaw instances exposed to the public internet could let attackers reach sensitive corporate systems.
Show sources
- Researchers Reveal Six New OpenClaw Vulnerabilities — www.infosecurity-magazine.com — 19.02.2026 12:00