How many security advisories has OpenClaw had in 2026?

Security researcher Joel Gamblin's tracker logged 137 security advisories between February 2 and April 4, 2026 alone - roughly one new advisory every 15 hours.

How many OpenClaw instances are exposed to the internet?

SecurityScorecard identified 40,214 internet-exposed OpenClaw instances with 28,663 unique IP addresses hosting globally accessible control panels.

What percentage of exposed OpenClaw instances are vulnerable to RCE?

Approximately 63% of exposed deployments are vulnerable to remote code execution, enabling attackers to seize control without user interaction.

What CVEs are being exploited in the OpenClaw trojan attacks?

Three high-severity CVEs with CVSS scores from 7.8 to 8.8 are being exploited, enabling privilege escalation, sandbox bypass, and remote code execution.

Why are OpenClaw instances vulnerable to trojan horse attacks?

Users commonly configure bots with identifiable personal or company names and grant excessive permissions without adequate security measures. Many instances run without authentication.

Has Microsoft commented on OpenClaw security risks?

Microsoft has advised against using OpenClaw on standard devices. Chinese authorities have also restricted OpenClaw in office environments due to significant security risks.

← Back to dashboard

clawsmith.com/signal/openclaw-trojan-horse-28k-systems-actively-exploited

⚠ IssueWide OpensecurityLive

OpenClaw Trojan Horse: Hackers Actively Exploit Vulnerabilities to Control 28,000+ Systems Globally

SecurityScorecard report confirms 40,214 internet-exposed OpenClaw instances with 28,663 unique IPs hosting accessible control panels. 63% vulnerable to RCE. Three high-severity CVEs (CVSS 7.8-8.8) enable attackers to seize control without user interaction. Microsoft advises against use on standard devices. Chinese authorities restrict OpenClaw in office environments.

Product Idea from this Signal

A security scanner that checks your OpenClaw instance for active compromise indicators and tells you if you are already breached

2.7k ▲

Security researchers say every organization running OpenClaw should assume compromise (35K+ virality signal). 135K+ instances sit exposed with no authentication, and the 'Don't Use OpenClaw' warning went viral on Medium. But no existing tool answers the most urgent question: am I already compromised right now? Existing security tools scan for potential vulnerabilities, not active exploitation. This tool performs a forensic-grade inspection of your running OpenClaw instance, checking for signs of active breach including unauthorized sessions, tampered configs, exfiltration patterns in logs, and known malware indicators from the ClawHavoc and AMOS stealer campaigns.

SECURITYCLIFORENSICSDEVTOOL

CompetitiveView Opportunity →

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →