Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

Researchers disclosed four OpenClaw flaws in the OpenShell managed sandbox backend that can be chained for data theft, privilege escalation, and persistence. The set includes CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118. The chain can bypass sandbox restrictions, read or redirect writes outside the intended mount root, execute unapproved commands, and impersonate an owner. OpenClaw version 2026.4.22 fixes the flaws, and users were told to update.

Related Happenings

OpenClaw outbound-mail approval gates and trust-scoped connector controls

Defensive Guidance
H score11 First: 11.06.2026 20:46 Last: 11.06.2026 20:46 Sources 1

About this happening: OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...

OpenClaw message-object prompt injection patched in 2026.4.23 security flaw

Vulnerability
H score15 First: 11.06.2026 20:46 Last: 11.06.2026 20:46 Sources 1

About this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...

TroyDen's Lure Factory GitHub Trojanized package campaign

Campaign
H score41 First: 24.03.2026 16:59 Last: 24.03.2026 16:59 Sources 1

About this happening: The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...

OpenClaw hardening guidance (CNCERT)

Advisory/Mitigation
H score24 First: 14.03.2026 18:17 Last: 14.03.2026 18:17 Sources 1

About this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...

GhostLoader RAT-stealer via @openclaw-ai/openclawai

Malware Activity
H score30 First: 09.03.2026 20:31 Last: 09.03.2026 20:31 Sources 1

About this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...

Timeline

  1. 15.05.2026 16:35 2 articles · 1mo ago

    Cyera discloses Claw Chain flaws in OpenClaw

    Initial Disclosure

    Cyera disclosed four OpenClaw vulnerabilities in the OpenShell managed sandbox backend—CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118—that can be chained after code execution in the sandbox to bypass restrictions, read files outside the intended mount root, execute unapproved commands, impersonate an owner, and establish persistence; OpenClaw said the issues were addressed in version 2026.4.22.

    Show sources