VMTech

Claw Chain vulnerability chain in OpenClaw: data exfiltration, privilege escalation, and persistence

Colleagues, a security alert: a vulnerability chain in OpenClaw (Claw Chain) has been identified.

- Cyera researchers and V. Tokarev disclosed four CVEs: TOCTOU sandbox read/write escapes (CVE-2026-44112, CVE-2026-44113), an allowlist bypass via heredoc (CVE-2026-44115), and improper senderIsOwner validation (CVE-2026-44118).
- The chain enables code execution in the sandbox, secret exfiltration, privilege escalation to the owner, and persistence.
- Fixes are available in OpenClaw 2026.4.22 — update as soon as possible.

Why it matters: an attacker could co-opt an agent for stealthy operations and expand their attack surface.

Have you updated OpenClaw in your infrastructure?
#cybersecurity #vulnerabilities #OpenClaw #infosec
