OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)

Vulnerability
Happening score: 31
2 unique sources, 2 articles

Summary

Researchers disclosed four OpenClaw flaws in the OpenShell managed sandbox backend that can be chained for data theft, privilege escalation, and persistence. The set includes CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118. The chain can bypass sandbox restrictions, read or redirect writes outside the intended mount root, execute unapproved commands, and impersonate an owner. OpenClaw version 2026.4.22 fixes the flaws, and users were told to update.

Related Happenings

TroyDen's Lure Factory GitHub Trojanized package campaign

Campaign
First: 24.03.2026 16:59 Last: 24.03.2026 16:59 Sources 1

About this happening: The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...

OpenClaw hardening guidance (CNCERT)

Advisory/Mitigation
First: 14.03.2026 18:17 Last: 14.03.2026 18:17 Sources 1

About this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...

GhostLoader RAT-stealer via @openclaw-ai/openclawai

Malware Activity
First: 09.03.2026 20:31 Last: 09.03.2026 20:31 Sources 1

About this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...

OpenClaw fake installer GitHub campaign promoted by Bing AI

Campaign
First: 06.03.2026 00:37 Last: 06.03.2026 00:37 Sources 1

About this happening: A campaign from **last month** used **fake OpenClaw installers** on **GitHub** and **Bing AI**-promoted search results to push **malware loaders** and **infostealers** to people trying...

Latest development: 09.03.2026 20:31

A malicious npm package named @openclaw-ai/openclawai, uploaded on March 3, 2026, masquerades as an OpenClaw installer and uses a postinstall hook to launch scripts/setup.js, display a fake CLI and iCloud Keychain prompt, and fetch a second-stage payload from trackpipe[.]dev. The chain installs a persistent RAT internally identified as GhostLoader and steals macOS Keychain data, browser credentials, crypto wallets, SSH keys, Apple Notes, iMessage history, Safari history, and Mail data before exfiltrating a tar.gz archive through the C2 server, Telegram Bot API, and GoFile.io.

OpenClaw ClawJacked localhost WebSocket brute-force security flaw

Vulnerability
First: 01.03.2026 23:44 Last: 01.03.2026 23:44 Sources 1

About this happening: **OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...

Timeline

  1. 15.05.2026 16:35 2 articles · 12d ago

    Cyera discloses Claw Chain flaws in OpenClaw

    Initial Disclosure

    Cyera disclosed four OpenClaw vulnerabilities in the OpenShell managed sandbox backend—CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118—that can be chained after code execution in the sandbox to bypass restrictions, read files outside the intended mount root, execute unapproved commands, impersonate an owner, and establish persistence; OpenClaw said the issues were addressed in version 2026.4.22.
