OpenClaw Faces Critical Security Vulnerabilities

💡 Vulnerabilities in a popular open-source AI agent risk data breaches; secure deployments now
⚡ 30-Second TL;DR
What Changed
CNCERT warns of data leaks and infrastructure risks from OpenClaw defaults
Why It Matters
Highlights urgent security needs for open-source AI agents, spurring vendor tools but potentially slowing rapid adoption amid regulatory scrutiny.
What To Do Next
Deploy OpenClaw via Tencent Cloud with their security toolbox for sandbox isolation.
🧠 Deep Insight
Web-grounded analysis with 8 cited sources.
🔑 Enhanced Key Takeaways
- Security researchers identified over 17,500 internet-exposed instances of OpenClaw, Clawdbot, and Moltbot vulnerable to CVE-2026-25253, allowing unauthenticated extraction of API tokens for services like Claude, OpenAI, and Google AI via the /api/export-auth endpoint.[1]
- Attackers distributed 341 malicious skills (12% of ClawHub marketplace) disguised as legitimate tools, deploying keyloggers on Windows and Atomic Stealer on macOS during the January 2026 ClawHavoc campaign.[5]
- Censys detected 21,639 publicly accessible OpenClaw instances by January 31, 2026, with the US hosting the most and China (30% on Alibaba Cloud) second, many leaking plaintext credentials.[5]
🛠️ Technical Deep Dive
- CVE-2026-25253 (CVSS 8.8) enables one-click RCE via WebSocket hijacking: malicious JavaScript on a webpage opens a local WebSocket connection, exfiltrates the gateway auth token, and grants full admin control. It is exploitable even on localhost-bound instances because the gateway does not validate the request origin.[1][2][3][4]
- The /api/export-auth endpoint lacks authentication, exposing stored API keys in plaintext config files; infostealers like RedLine target these paths alongside browser credentials.[1][2]
- Additional flaws include CVE-2026-24763 and CVE-2026-25157 (command injection), no rate limiting on auth attempts, and ClawHub skills passing secrets through LLM context windows.[3][5]
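The missing origin validation described above is the control that stops a web page from driving a localhost-bound WebSocket. The following is an added example, not OpenClaw code: a handshake check for a Node-style server, where the allowlist, port 8080 and the sample headers are constructed assumptions.

```javascript
// Added example: validate the Origin header on a WebSocket upgrade request.
// ALLOWED_ORIGINS and port 8080 are constructed values, not OpenClaw settings.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080", "http://localhost:8080"]);

// Parse an Origin header value and return its canonical scheme://host[:port],
// or null when it is absent, opaque ("null"), or not a bare http(s) origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin;
}

// Decide whether an upgrade request may proceed. `headers` has lower-cased
// names, as Node's http module provides them in req.headers.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  if (String(headers.upgrade || "").toLowerCase() !== "websocket") {
    return { ok: false, reason: "not-websocket" };
  }
  if (headers.origin === undefined) {
    // Browsers always send Origin on WebSocket handshakes; this policy
    // rejects clients that omit it instead of trusting them by default.
    return { ok: false, reason: "missing-origin" };
  }
  const origin = normalizeOrigin(headers.origin);
  if (origin === null) return { ok: false, reason: "malformed-origin" };
  // Exact match on the parsed origin; substring or prefix matching would
  // accept hosts such as localhost.attacker.example.
  if (!allowed.has(origin)) return { ok: false, reason: "foreign-origin" };
  return { ok: true, reason: "allowed" };
}

// Constructed handshake headers covering the cases a local gateway sees.
const SAMPLES = [
  { upgrade: "websocket", origin: "http://localhost:8080" },
  { upgrade: "websocket", origin: "https://attacker.example" },
  { upgrade: "websocket", origin: "http://localhost.attacker.example:8080" },
  { upgrade: "websocket", origin: "null" },
  { upgrade: "websocket" },
];
for (const h of SAMPLES) {
  console.log(h.origin ?? "(none)", "->", checkUpgrade(h).reason);
}
```

An origin check only covers browser-initiated connections; an endpoint that returns stored keys still needs its own authentication.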
📎 Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- hunt.io — CVE-2026-25253 OpenClaw AI Agent Exposure
- pacgenesis.com — OpenClaw Security Risks What Security Teams Need to Know About AI Agents Like OpenClaw in 2026
- adminbyrequest.com — OpenClaw Went From Viral AI Agent to Security Crisis in Just Three Weeks
- runzero.com — OpenClaw
- reco.ai — OpenClaw the AI Agent Security Crisis Unfolding Right Now
- mastercard.com — OpenClaw AI Security Standards
- dev.to — 7 OpenClaw Security Challenges to Watch for in 2026
- darkreading.com — Critical OpenClaw Vulnerability AI Agent Risks
Original source: 虎嗅


