cve-2026-33579

OpenClaw's Sixth Pairing Bug in Six Weeks Is a Full Admin Takeover

John Z Black Apr 4, 2026

Vulnerabilities & Patching #openclaw #cve-2026-33579 #privilege-escalation #ai-agents #supply-chain

CVE-2026-33579 lets anyone with the lowest access level become full admin on OpenClaw. It's the sixth pairing CVE in six weeks, and 63% of instances run without auth.