OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Researchers disclosed four OpenClaw flaws in the OpenShell managed sandbox backend that can be chained for data theft, privilege escalation, and persistence. The set includes CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118. The chain can bypass sandbox restrictions, read or redirect writes outside the intended mount root, execute unapproved commands, and impersonate an owner. OpenClaw version 2026.4.22 fixes the flaws, and users were told to update.
Related Happenings
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive Guidance
H score11
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive GuidanceAbout this happening: OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
TroyDen's Lure Factory GitHub Trojanized package campaign
Campaign
H score41
First: 24.03.2026 16:59
Last: 24.03.2026 16:59
Sources 1
About this happening:
The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...
TroyDen's Lure Factory GitHub Trojanized package campaign
CampaignAbout this happening: The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...
OpenClaw hardening guidance (CNCERT)
Advisory/Mitigation
H score24
First: 14.03.2026 18:17
Last: 14.03.2026 18:17
Sources 1
About this happening:
China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
OpenClaw hardening guidance (CNCERT)
Advisory/MitigationAbout this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware Activity
H score30
First: 09.03.2026 20:31
Last: 09.03.2026 20:31
Sources 1
About this happening:
A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware ActivityAbout this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
Timeline
-
15.05.2026 16:35 2 articles · 1mo ago
Cyera discloses Claw Chain flaws in OpenClaw
Initial DisclosureCyera disclosed four OpenClaw vulnerabilities in the OpenShell managed sandbox backend—CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118—that can be chained after code execution in the sandbox to bypass restrictions, read files outside the intended mount root, execute unapproved commands, impersonate an owner, and establish persistence; OpenClaw said the issues were addressed in version 2026.4.22.
Show sources
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence — thehackernews.com — 15.05.2026 16:35
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments — www.darkreading.com — 19.05.2026 00:24