A critical security issue has come to light regarding the widely used autonomous AI agent, OpenClaw. Four vulnerabilities, dubbed Claw Chain, put thousands of servers at risk, posing a serious threat to cybersecurity across multiple industries.
Cybersecurity experts at Cyera discovered these vulnerabilities, which affect all versions of OpenClaw released before April 23, 2026. The most alarming is CVE-2026-44112, which carries a severity score of 9.6 out of 10. This flaw allows attackers to bypass essential security boundaries, enabling the installation of permanent backdoors into affected systems. Such access can be catastrophic, providing cybercriminals with undetected entry into internal networks.
In addition to CVE-2026-44112, three other vulnerabilities—CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118—have been identified. Together, these issues enable a range of malicious activities, including the theft of private data, the substitution of safe file paths with symbolic links, and the leaking of sensitive information such as API keys. These vulnerabilities also allow unauthorized users to circumvent identity checks and gain administrator access.
As of May 2026, an estimated 65,000 to 180,000 OpenClaw servers are publicly accessible, heightening the urgency for organizations to address these vulnerabilities. The potential for exploitation is significant, and businesses relying on OpenClaw must act quickly to mitigate risks. Patches were released on April 23, 2026, and experts strongly recommend immediate updates and password changes.

This incident highlights a growing concern within the AI infrastructure domain regarding the security of autonomous agents. As these systems increasingly operate without direct human oversight, ensuring their integrity is crucial. The rise of AI agents across various sectors presents both opportunities and challenges, with cybersecurity emerging as a leading concern. Organizations must prioritize the security of AI deployments to prevent exploitation and protect sensitive information.
The vulnerabilities in OpenClaw serve as a wake-up call for businesses and developers, underscoring the need for regular security assessments and updates. As AI technology continues to evolve, the demand for robust security measures will only increase, making it essential for companies to stay ahead of potential threats.
Quick answers
What are the main vulnerabilities identified in OpenClaw?
The main vulnerabilities include CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118, which can lead to unauthorized access and data theft.
How many servers are at risk due to these vulnerabilities?
Between 65,000 and 180,000 OpenClaw servers are estimated to be publicly accessible and at risk.
What actions should organizations take in response to these vulnerabilities?
Organizations should immediately apply the patches released on April 23, 2026, and change any relevant passwords.



