Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenClaw 2026.6.6 security update for three flaws

Security Patch Release
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

OpenClaw maintainers shipped version 2026.6.6 to fix three security flaws that could enable credential theft, privilege escalation, and arbitrary code execution on the host. Two of the issues are command-injection bugs and the third is a path traversal/link-following flaw. The release reduces risk for deployments where lower-trust input can reach the affected paths.

Related Happenings

OpenClaw 2026.4.22 security patch release for Claw Chain flaws

Security Patch Release
H score24 First: 15.05.2026 16:35 Last: 15.05.2026 16:35 Sources 1

About this happening: OpenClaw released **version 2026.4.22** to fix **four CVE-backed vulnerabilities** in **OpenShell's managed sandbox backend** that could be chained for **data theft**, **privilege...

CERT Polska Ollama for Windows update-chain mitigation

Advisory/Mitigation
H score34 First: 10.05.2026 15:41 Last: 10.05.2026 15:41 Sources 1

About this happening: Mitigation guidance now tells **Ollama for Windows** users to disable **automatic updates** and remove the **Startup folder** shortcut because the unpatched update-chain flaws can...

OpenClaw hardening guidance (CNCERT)

Advisory/Mitigation
H score24 First: 14.03.2026 18:17 Last: 14.03.2026 18:17 Sources 1

About this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...

Cline CLI compromised token mitigation

Advisory/Mitigation
H score15 First: 20.02.2026 16:20 Last: 20.02.2026 16:20 Sources 1

About this happening: Cline maintainers released **version 2.4.0** to contain the **unauthorized npm publication** of **[email protected]**, which had been pushed with a **compromised publish token**. They a...

OpenClaw security patch release for CVE-2026-26322

Security Patch Release
H score36 First: 19.02.2026 12:00 Last: 19.02.2026 12:00 Sources 1

About this happening: **OpenClaw** released a **patch for six vulnerabilities** in its **agentic AI assistant**, addressing **SSRF**, **missing authentication**, and **path traversal** flaws that could...

Timeline

  1. 10.07.2026 17:19 2 articles · 1d ago

    OpenClaw 2026.6.6 fixes three flaws that could enable host compromise

    Mitigation Patch Update

    OpenClaw maintainers addressed GHSA-hjr6-g723-hmfm, GHSA-9969-8g9h-rxwm, and GHSA-575v-8hfq-m3mc in OpenClaw version 2026.6.6, closing two command-injection issues and one path traversal/link-following flaw that could allow credential theft, privilege escalation, arbitrary code execution, and sandbox escape on the host. Security researcher Chinmohan Nayak said the issues can be triggered from an external WhatsApp message, and operators were advised to upgrade, enable sandbox mode for non-main sessions, narrow tool allowlists, and restrict the affected feature to trusted users until patched.

    Show sources