What is CVE-2026-25253 in OpenClaw?

CVE-2026-25253 (CVSS 8.8) is a critical RCE vulnerability in OpenClaw's WebSocket handler that didn't validate the Origin header, allowing remote attackers to execute arbitrary commands with a single malicious link.

What is CVE-2026-32913 in OpenClaw?

CVE-2026-32913 is an improper header validation bug in fetchWithSsrFGuard. It forwards sensitive custom auth headers (X-Api-Key, Private-Token) across cross-origin redirects, leaking credentials to attacker-controlled servers.

How many OpenClaw instances are exposed on the internet?

135,000+ OpenClaw instances were found exposed on the public internet as of March 2026, per ClawFast's OpenClaw Security Crisis report. Over 60% had exploitable vulnerabilities.

How do I secure my OpenClaw deployment?

Enable authentication, bind to 127.0.0.1 not 0.0.0.0, use TLS, restrict exec permissions, and install SecureClaw for automated hardening checks across all 55 documented threat classes.

Is OpenClaw safe to run?

With proper configuration (auth enabled, bound to localhost, patched to v2026.3.7+), OpenClaw is safer. But the default configuration leaves critical vulnerabilities exposed. Run SecureClaw's audit checklist before deploying.

What is the ClawJacked vulnerability?

ClawJacked is an attack class where malicious websites hijack local OpenClaw AI agents via WebSocket by exploiting missing Origin validation (CVE-2026-25253).

← Back to dashboard

clawsmith.com/signal/openclaw-security-crisis-135k-exposed-rce

⚠ IssueCompetitiveFrameworkLive

OpenClaw Security Crisis: 135K Exposed Instances, RCE, AMOS Stealer

OpenClaw security crisis escalates: CNCERT China March 2026 alert warns of 220K+ unprotected instances exposed to public internet (up from 135K in February). CVE-2026-25253 CVSS 8.8 RCE, AMOS Stealer targeting macOS users. Microsoft recommends isolated VM only. 156 total security advisories in jgamblin tracker.

Product Idea from this Signal

A CLI security scanner that intercepts and blocks malicious ClawHub skills before they compromise your OpenClaw instance

183.3k ▲

ClawHub has 824+ malicious skills in circulation. 12% of published skills contain malicious code, supply chain rug-pulls, or data exfiltration payloads like AMOS stealer and ClawHavoc. OpenClaw's built-in VirusTotal integration only catches known signatures after publication, leaving zero-day threats and behavioral exploits wide open. This tool sits between ClawHub and your install command, running behavioral analysis, permission auditing, and network call inspection on every skill before it touches your system.

CLIOPEN-SOURCESECURITYDEVTOOL

Competitive75 leadsView Opportunity →