OpenClaw was found to have a serious security vulnerability, allowing attackers to silently take complete administrative control.
According to research from AI application building company Blink, OpenClaw contains a vulnerability that, if exploited, allows anyone with the lowest access rights to silently escalate to full administrator rights. The problem occurs when the system paired with OpenClaw fails to verify whether the approver actually has the authority to approve the request.
“So an attacker who only needs basic pairing permissions can request administrative rights and approve his own request,” a Blink representative explained on the blog. “Basically, the door was opened from the inside.”
According to the research team, approximately 63% of Internet-connected OpenClaw instances currently running do not have any authentication. On those systems, an attacker doesn’t even need a low-level account to get started but can still infiltrate from the outside and gradually climb to administrative rights.
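The flaw class described above (an approval step that never checks the approver's own authority) can be modelled in a few lines. This is an added illustration, not OpenClaw's code: the scope names, classes and functions are hypothetical, and the hardened version shows the checks a defender would expect on any approval path, including rejecting unauthenticated callers.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical scope names for illustration; not taken from OpenClaw.
PAIRING, ADMIN = "pairing", "admin"

@dataclass
class Principal:
    name: str
    scopes: frozenset

@dataclass
class ScopeRequest:
    requester: str
    scope: str
    approved_by: Optional[str] = None

class AuthzError(Exception):
    pass

def approve_vulnerable(approver, req):
    """Flawed pattern: any paired caller may approve any request."""
    if approver is None or PAIRING not in approver.scopes:
        raise AuthzError("not paired")
    req.approved_by = approver.name  # approver's authority is never checked
    return req

def approve_hardened(approver, req):
    """Approver must be authenticated, hold the scope being granted,
    and be a different principal from the requester."""
    if approver is None:
        raise AuthzError("unauthenticated")
    if req.scope not in approver.scopes:
        raise AuthzError("approver lacks requested scope")
    if approver.name == req.requester:
        raise AuthzError("self-approval")
    req.approved_by = approver.name
    return req

def try_approve(fn, approver, req):
    """Run an approval function and report the outcome as a string."""
    try:
        return "granted by " + fn(approver, req).approved_by
    except AuthzError as exc:
        return "denied: " + str(exc)

if __name__ == "__main__":
    low = Principal("device-7", frozenset({PAIRING}))  # constructed sample
    for fn in (approve_vulnerable, approve_hardened):
        print(fn.__name__, "->", try_approve(fn, low, ScopeRequest("device-7", ADMIN)))
```
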
Speaking to Ars Technica, the team said it sent a bug report to the OpenClaw team last week. However, on April 7, three new patches were announced, of which the most dangerous vulnerability is CVE-2026-33579, reaching 9.8/10 in severity.
According to Mashable, CVE-2026-33579 is the 6th pairing-related vulnerability discovered in OpenClaw in 6 weeks. All are variations of the same basic design flaw in how the engine handles permissions. Each patch only addresses a specific vulnerability individually instead of redesigning the authorization system to completely fix it. Therefore, this site believes that if the OpenClaw team does not have a comprehensive solution, new dangerous vulnerabilities are likely to appear in the future.
OpenClaw has not yet commented. Previously, founder Peter Steinberger warned potential users on GitHub that “no setup is completely secure.”
The OpenClaw logo displays on the computer. Image: Bao Lam
OpenClaw was launched in November 2025 and quickly became a global sensation. It is a free software package that allows users to create AI agents, meaning systems that can perform tasks automatically without requiring much human intervention. The platform acts as a bridge between today’s powerful AI models, such as Anthropic Claude or OpenAI GPT, and the actual tasks that people want AI to perform. After setting up their own OpenClaw agent on their computer or through a virtual provider, users can compose text or WhatsApp messages to the AI, instructing it to perform various tasks.
Designed to be easy for anyone to use, OpenClaw connects to paid or open source AI systems, many of which come from China such as DeepSeek and Alibaba. Once created, AI agents can also learn how to perform new tasks on their own, remembering details of the user’s preferences, thereby allowing them to self-adjust the model to the owner’s preferences over time. The platform currently relies on a small team of volunteers tasked with maintaining source code stability, resolving user issues, and patching security bugs.
According to Bloomberg, on March 10, the China National Computer Network Emergency Response Coordination Center (CNCERT/CC) warned that improper installation and use of OpenClaw could expose users to cybersecurity risks. On the same day, China’s Ministry of Industry and Information Technology warned that default or incorrect OpenClaw configurations could make the system vulnerable to cyber attacks or data leaks. On March 13, the China Academy of Information and Communications Technology launched an initiative to develop standards for “claw” agents like OpenClaw with the goal of “addressing their lack of transparency in decision-making processes.”
Experts warn that OpenClaw is still under development, so it will face problems with security, reliability and the possibility of abuse. According to Tom’s Hardware, extending an agent’s capabilities may expose sensitive data or lead it to perform unintended actions. OpenClaw also requires high-level device access to perform some automated tasks, increasing the risk of unauthorized system access or data leakage.