Patch Now: OpenClaw CVE-2026-41296 Is a Full Sandbox Escape

A TOCTOU race condition in OpenClaw's file handling allows a full sandbox escape. Version 2026.3.31 fixes it. If you're running an older version, stop reading and go patch.

OpenClaw's Sixth Pairing Bug in Six Weeks Is a Full Admin Takeover

CVE-2026-33579 lets anyone with the lowest access level become full admin on OpenClaw. It's the sixth pairing CVE in six weeks, and 63% of instances run without auth.

Your AI Assistant Is an Attack Surface Now

Exposed admin panels leaking API keys, prompt injection as a supply chain weapon, fake installer packages on npm, and nation-states using AI to hack at scale. AI agents just became everyone's security problem.
