OpenClaw CVE History


OpenClaw CVE History & Security Incidents — What Happened & What to Do (2026)
⚠️ Security History

A transparent record of every significant security incident in the OpenClaw ecosystem — what happened, who was affected, and what action you need to take.

2026 Incident Log

Known Vulnerabilities & Incidents

February 1, 2026 — Disclosed by DepthFirst Security

CVE-2026-25253 — Zero-Click Remote Code Execution via WebSocket

🔴 CVSS 8.8 — Critical
What happened: A flaw in OpenClaw’s Gateway authentication token handling allowed an unauthenticated attacker to hijack active WebSocket sessions and execute arbitrary code on the host server. Because the exploit required only a network connection (no user interaction), security researchers classified it as zero-click. Hunt.io’s analysis found 17,500+ internet-exposed instances across 52 countries, with the majority remaining unpatched for days after disclosure. The vulnerability was introduced in the v2.1.0 gateway rewrite and affected all versions prior to v2.1.8.
✅ What to do now: Verify you’re running OpenClaw v2.1.8 or later: docker inspect openclaw | grep -i image. If not, update immediately: cd ~/openclaw && docker compose pull && docker compose up -d. Also verify port 3000 is NOT exposed to the internet in your firewall.
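The two checks above (image version at or above v2.1.8, gateway port 3000 not reachable from outside) can be scripted so they run on a schedule instead of by hand. The script below is an added example and is not OpenClaw project code; it assumes the container is named openclaw and that its image tag carries the version (the image reference ghcr.io/example/openclaw is a hypothetical placeholder). When Docker is not reachable it evaluates a constructed sample instead, so the logic can be exercised anywhere.

```shell
#!/bin/sh
# Added example (not OpenClaw project code): check a running OpenClaw
# container against the v2.1.8 fix for CVE-2026-25253 and flag a gateway
# port (3000) that is published on every interface.
# Assumptions: the container is named "openclaw" and its image tag carries
# the version, e.g. ghcr.io/example/openclaw:v2.1.8 (hypothetical reference).

MIN_VERSION="2.1.8"
GATEWAY_PORT="3000"

# Print "X.Y.Z" from an image reference such as "repo/openclaw:v2.1.7".
# Prints nothing for tags like "latest", which cannot be checked.
image_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*:v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed (exit 0) when version $1 is at or above version $2, compared
# numerically field by field, so 2.1.10 is correctly above 2.1.8.
version_ge() {
    a1=${1%%.*}; r=${1#*.}; a2=${r%%.*}; a3=${r#*.}
    b1=${2%%.*}; r=${2#*.}; b2=${r%%.*}; b3=${r#*.}
    [ "$a1" -gt "$b1" ] && return 0
    [ "$a1" -lt "$b1" ] && return 1
    [ "$a2" -gt "$b2" ] && return 0
    [ "$a2" -lt "$b2" ] && return 1
    [ "$a3" -ge "$b3" ]
}

# Succeed when a "docker ps" Ports string binds GATEWAY_PORT on all
# interfaces (0.0.0.0 or ::). A 127.0.0.1 binding or no mapping fails.
port_exposed() {
    printf '%s\n' "$1" | grep -Eq "(0\.0\.0\.0|::):$GATEWAY_PORT->"
}

# Evaluate one instance from its image reference and Ports string.
# Prints findings; exit status 0 = nothing to do, 1 = action needed.
check_instance() {
    image="$1"; ports="$2"; status=0
    ver=$(image_version "$image")
    if [ -z "$ver" ]; then
        echo "WARN: no version in image tag '$image'; pin a versioned tag"
        status=1
    elif version_ge "$ver" "$MIN_VERSION"; then
        echo "OK: image version $ver is at or above $MIN_VERSION"
    else
        echo "ACTION: image version $ver is below $MIN_VERSION (CVE-2026-25253); update now"
        status=1
    fi
    if port_exposed "$ports"; then
        echo "ACTION: gateway port $GATEWAY_PORT is published on all interfaces: $ports"
        status=1
    else
        echo "OK: gateway port $GATEWAY_PORT is not bound to all interfaces"
    fi
    return $status
}

# Constructed sample values used when Docker is not available.
SAMPLE_IMAGE="ghcr.io/example/openclaw:v2.1.7"
SAMPLE_PORTS="0.0.0.0:3000->3000/tcp, :::3000->3000/tcp"

if command -v docker >/dev/null 2>&1 && docker ps >/dev/null 2>&1; then
    IMG=$(docker inspect --format '{{.Config.Image}}' openclaw 2>/dev/null || true)
    PORTS=$(docker ps --filter name=openclaw --format '{{.Ports}}')
else
    echo "docker not reachable; checking constructed sample values"
    IMG="$SAMPLE_IMAGE"; PORTS="$SAMPLE_PORTS"
fi

if check_instance "$IMG" "$PORTS"; then
    echo "RESULT: no action needed"
else
    echo "RESULT: review the ACTION/WARN lines above"
fi
```

The port check reads Docker's own publish list rather than the host firewall, so a container published on 0.0.0.0 is reported even when an upstream firewall happens to block it; binding the port to 127.0.0.1 (or publishing it only through a reverse proxy) is the setting that makes the check pass.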
January 2026 — Discovered by Koi Security

ClawHavoc Campaign — 341 Malicious ClawHub Skills

🟡 Supply Chain Attack — High Severity
What happened: A coordinated campaign installed 341 malicious skills on ClawHub that distributed the Atomic macOS Stealer (AMOS) credential-harvesting malware. The skills impersonated legitimate tools across categories including crypto utilities (111 skills), YouTube tools (57 skills), and prediction market bots (34 skills). Skills used legitimate-looking publisher names and icons. Users who installed affected skills had API keys, browser cookies, and keychain credentials silently exfiltrated.
✅ What to do now: If you installed any ClawHub skill in January 2026, audit your installed skills immediately. Remove any skill with a publisher created after December 2025 that you cannot verify. If you believe you were affected, rotate all API keys (Anthropic, OpenAI, Google) and any other credentials accessible from your server.
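The audit rule above (publisher account created after December 2025 and not one you can verify) is easy to apply consistently once the installed skills are exported to a flat list. The script below is an added example and is not ClawHub or OpenClaw tooling; the CSV layout (skill name, publisher, publisher account creation date, install date) and the skill and publisher names in the sample are constructed, and the verified-publisher allow-list is a hypothetical stand-in for whatever out-of-band verification you use.

```shell
#!/bin/sh
# Added example (not ClawHub or OpenClaw tooling): apply the skill audit rule
# from the incident notice to a local inventory. The CSV layout is
# hypothetical: name,publisher,publisher_created,installed (ISO dates).
# Export your real inventory into this shape before running it.

# Hypothetical allow-list of publishers you have verified out of band.
VERIFIED_PUBLISHERS="openclaw-core acme-tools"

# Read the CSV on stdin and print each skill matching the removal rule:
# publisher account created after 2025-12-31 and publisher not verified.
# ISO dates sort correctly as plain strings, so awk's string comparison works.
flag_skills() {
    awk -F ',' -v verified="$VERIFIED_PUBLISHERS" '
        BEGIN { n = split(verified, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        /^#/ || NF < 4 { next }
        $3 > "2025-12-31" && !($2 in ok) { print $1 "," $2 "," $3 }
    '
}

# Wider review list: anything installed during January 2026 from a publisher
# that is not on the verified list, whatever the account age.
review_skills() {
    awk -F ',' -v verified="$VERIFIED_PUBLISHERS" '
        BEGIN { n = split(verified, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        /^#/ || NF < 4 { next }
        $4 ~ /^2026-01-/ && !($2 in ok) { print $1 "," $2 "," $4 }
    '
}

# Constructed sample inventory: every name and publisher here is invented.
SAMPLE_INVENTORY='#name,publisher,publisher_created,installed
yt-downloader,openclaw-core,2025-03-02,2026-01-12
crypto-price-watch,cryptoutils-pro,2026-01-05,2026-01-14
polymarket-bot,predictr,2025-12-28,2026-01-20
notes-sync,acme-tools,2026-01-02,2026-01-09'

echo "Remove (publisher created after December 2025, not verified):"
printf '%s\n' "$SAMPLE_INVENTORY" | flag_skills
echo
echo "Review (installed in January 2026 from an unverified publisher):"
printf '%s\n' "$SAMPLE_INVENTORY" | review_skills
```

On the sample, only crypto-price-watch meets the removal rule; polymarket-bot escapes it because its publisher account predates 2026, which is exactly why the second, broader review list exists. Rotating the credentials the notice lists is a separate manual step once any flagged skill is found.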
Managed Hosting Users Were Protected

Both incidents illustrate the key security advantage of managed OpenClaw hosts like xCloud: CVE-2026-25253 was patched fleet-wide within hours of disclosure, requiring zero action from users. Self-hosted instances that weren’t actively monitored remained vulnerable. If you self-host, automated weekly updates are essential — see our updates guide.

Staying Informed

How to Get Security Alerts

Don’t wait to read about CVEs on Reddit. Set up alerts so you hear about them within hours of disclosure.

GitHub Watch (Free — 5 minutes to set up)

Go to github.com/open-claw/openclaw → Watch → Custom → check “Security advisories”. GitHub emails you immediately when a new security advisory is published for the repository. This is the fastest notification path.

Also subscribe to the OpenClaw Discord #security channel — critical vulnerabilities are announced there simultaneously with GitHub. For enterprise users, consider integrating OpenClaw’s repository with a security scanning tool like Dependabot or Snyk for automated dependency vulnerability detection.

Stay Informed, Stay Protected

Set up automated updates and GitHub security alerts — the two steps that keep you safe with minimal ongoing effort.

Automated Updates Guide →
Security Hardening →