Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key โ†’
โ† Back to dashboard
clawsmith.com/signal/openclaw-nine-cves-four-days-march-2026-rce-flood
โš  IssueUnderservedLive

Nine OpenClaw CVEs in Four Days: 42900 Exposed Instances 15200 Vulnerable to RCE

Between March 18-21 2026, nine CVEs were disclosed for OpenClaw including one scoring 9.9/10 CVSS and six high-severity. CVE-2026-29607 and CVE-2026-28460 both bypass the command approval allowlist. The jgamblin/OpenClawCVEs tracker lists 156 total security advisories with 128 awaiting CVE assignment. 42900+ internet-exposed instances found with 15200 vulnerable to remote code execution.

Product Idea from this Signal

A CLI security scanner that intercepts and blocks malicious ClawHub skills before they compromise your OpenClaw instance

183.3k โ–ฒ

ClawHub has 824+ malicious skills in circulation. 12% of published skills contain malicious code, supply chain rug-pulls, or data exfiltration payloads like AMOS stealer and ClawHavoc. OpenClaw's built-in VirusTotal integration only catches known signatures after publication, leaving zero-day threats and behavioral exploits wide open. This tool sits between ClawHub and your install command, running behavioral analysis, permission auditing, and network call inspection on every skill before it touches your system.

CLIOPEN-SOURCESECURITYDEVTOOL
Competitive75 leadsView Opportunity โ†’

Score Breakdown

HN
1,047
GitHub
178

Social Proof 3 sources

HN
If you are running OpenClaw you probably got hacked
4/3/2026
672HN
Every OpenClaw Security Incident CVE and Exploit in 2026
3/20/2026
375GH
jgamblin/OpenClawCVEs: 156 security advisories tracker for OpenClaw
gh:jgamblin ยท 1/15/2026
178

Existing Solutions 2 competitors

jgamblin/OpenClawCVEs156 stars community reference

Community-maintained tracker of OpenClaw CVEs and security advisories 156 total with 128 awaiting assignment

NanoClawearly stage no revenue data

Stripped-down OpenClaw fork focused on security hardening and minimal attack surface

Gap Assessment

UnderservedExisting solutions leave gaps

No unified CVE tracking dashboard or automated remediation tool purpose-built for OpenClaw instance operators.

Virality Score
1,225
across 0 platforms
Details
Signalissue
Ecosystemโ€”
Sources3
Platforms0
Updated8d ago
Trendโ†’ stable
Top ideas
All ideas โ†’
26.1MA pre-publish scanner that strips source maps, secrets, and internal code from npm packages before they ship to the registry2.2MA routing middleware that pairs an expensive advisor model with a cheap executor model for OpenClaw agents, cutting API costs by 80% while maintaining output quality892.2KA web dashboard that finds revenue gaps and saturated niches across 180+ OpenClaw startups in real time
Related signals
All signals โ†’
93KAgents of Chaos: 38 Researchers Deploy 6 OpenClaw Agents โ€” 11 Critical Failure Patterns in 14 Days35.7KCapability Evolver โ€” #1 ClawHub Skill (35K Downloads) Caught Exfiltrating Data to ByteDance Feishu13.3KIronClaw: NEAR AI Rust OpenClaw Rewrite โ€” WASM Sandbox, LLM Never Touches Secrets (11.3K Stars)