Over 60 security vulnerabilities in AI assistant OpenClaw resolved

Among other things, attackers can inject and execute malicious code on systems in the context of OpenClaw. Security patches are available.


Anyone working with the AI assistant ClawBot should ensure that the current version is installed. If this is not the case, attackers can exploit more than 60 vulnerabilities and, in the worst case, completely compromise PCs.

ClawBot is an extremely powerful AI assistant that can, among other things, independently install software and operate email programs. To unleash its full potential, ClawBot requires extensive system privileges, which naturally poses risks.

A list of all recently closed vulnerabilities would exceed the scope of this report. CERT-Bund, the BSI's computer emergency response team, lists a total of 67 security issues. The majority of the vulnerabilities are rated "high"; some, however, are rated "critical". Despite these severity ratings, the advisories on the OpenClaw GitHub page do not contain any CVE numbers.

The most dangerous is a "critical" vulnerability with the maximum CVSS score of 10 out of 10. For an attack to succeed, the attacker must be able to access a gateway as an authenticated user. If that is the case, they can inject and execute malicious code on hosts through an unspecified method. According to the description, this leads to a complete compromise of the system.

By successfully exploiting another "critical" vulnerability, attackers can bypass authentication in the context of the voice-call extension and thus trigger unauthorized or anonymous calls.

If attackers exploit the remaining vulnerabilities, they can, among other things, gain unauthorized access to files or trigger DoS conditions that crash the software.

Currently, new OpenClaw versions are released regularly, often addressing security issues. The vulnerabilities mentioned in this report were fixed in **version 2026.2.15**.


For enhanced security, OpenClaw recently integrated the online virus scanner VirusTotal.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.