What are the OpenClaw April 2026 CVEs?

Six HIGH-severity CVEs (CVE-2026-35625, 35629, 35637, 35638, 35668, 35669) were disclosed April 9-10 covering privilege escalation, path traversal, and SSRF in OpenClaw versions before 2026.3.25.

What is CVE-2026-35669 in OpenClaw?

A privilege escalation vulnerability (CVSS 8.8) in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin scope regardless of caller permissions.

What is CVE-2026-35668 OpenClaw path traversal?

A sandbox path traversal vulnerability allowing sandboxed agents to read arbitrary files from other agents workspaces via unnormalized mediaUrl or fileUrl parameter keys.

How to fix OpenClaw April 2026 CVEs?

Upgrade to OpenClaw version 2026.3.25 or later. All six CVEs are patched in that release.

How many OpenClaw instances are vulnerable to privilege escalation?

Security researchers found 135K+ OpenClaw instances exposed to the public internet. Many running versions before 2026.3.25 are vulnerable to these privilege escalation and path traversal attacks.

What is OpenClaw SSRF vulnerability CVE-2026-35629?

A server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs, allowing attackers to redirect requests to internal endpoints.

Are OpenClaw April 2026 CVEs being exploited?

No confirmed exploitation as of April 12, 2026, though proof-of-concept code has been observed for some of the vulnerabilities.

← Back to dashboard

clawsmith.com/signal/openclaw-april-cve-batch-priv-esc-path-traversal-hn

⚠ IssueWide OpenSecurityLive

OpenClaw April CVE Batch: 6 HIGH-Severity Privilege Escalation and Path Traversal CVEs Spark 514-Point HN Discussion

Between April 9-10, 2026, 6 new HIGH-severity CVEs (CVE-2026-35625, 35629, 35637, 35638, 35668, 35669) were disclosed for OpenClaw versions before 2026.3.25, covering privilege escalation via scope boundary bypass, sandbox path traversal allowing cross-agent file reads, and SSRF in channel extensions. The HN discussion hit 514 points and 256 comments with debate over 135K+ publicly exposed instances.

Product Idea from this Signal

A reverse proxy that enforces scope boundaries on OpenClaw gateway plugin routes and normalizes sandbox file paths before forwarding

770 ▲

OpenClaw's gateway plugin HTTP routes have a class of vulnerabilities where authenticated callers can escalate to operator.admin scope regardless of their actual permissions (CVE-2026-35669, CVSS 8.8), and sandboxed agents can read arbitrary files across workspaces through unnormalized path parameters (CVE-2026-35668). With 135K+ OpenClaw instances publicly exposed and six new HIGH-severity CVEs disclosed in April 2026 alone, a standalone reverse proxy that sits in front of the gateway and validates every plugin route call against the caller's granted scopes, while normalizing all file path parameters including mediaUrl and fileUrl aliases, would close these attack vectors without waiting for upstream patches.

SECURITYPROXYOPEN-SOURCEDEVTOOL

CompetitiveView Opportunity →