Critical OpenClaw Vulnerabilities Enable AI Agent Hijack and System‑Level Takeover
What Happened — Researchers at Cyera identified four chained vulnerabilities in the open‑source OpenClaw platform (CVE‑2026‑44112, CVE‑2026‑44115, CVE‑2026‑44118, CVE‑2026‑44113). Exploiting the flaws allowed an adversary to move from an initial foothold inside an AI agent to persistent, system‑level control, stealing credentials, redirecting file writes, and planting backdoors. All four issues have been patched as of 23 April 2026.
Why It Matters for TPRM —
- AI‑agent platforms are increasingly embedded in critical business workflows; a compromise can give attackers “hands‑on” access to the host environment.
- The chainable nature of the bugs bypasses traditional validation controls, expanding the blast radius across any organization that deploys OpenClaw.
- Unpatched installations could expose credentials, configuration files, and internal services, creating a supply‑chain risk for downstream vendors and customers.
Who Is Affected — Technology and SaaS providers, financial services, healthcare, and any enterprise that integrates OpenClaw‑based autonomous agents into its infrastructure.
Recommended Actions —
- Verify that all OpenClaw instances are updated to version ≥ April 23 2026.
- Conduct a focused audit of AI‑agent sandbox configurations and privilege boundaries.
- Deploy behavioral monitoring to detect anomalous agent actions that may indicate exploitation of similar logic‑time gaps.
- Review third‑party risk registers for any vendors relying on OpenClaw and confirm remediation status.
Technical Notes — The primary flaw (CVE‑2026‑44112) is a timing‑of‑check‑to‑time‑of‑use (TOCTOU) vulnerability in the sandboxed execution environment (CVSS 9.6). The remaining CVEs chain validation bypasses, environment‑variable leakage, token‑based privilege escalation, and path‑redirection attacks. Exploited data includes system credentials, configuration files, and the ability to write arbitrary files outside the sandbox. Source: DataBreachToday