OpenClaw AI assistant vulnerabilities
Summary
CERT-Bund has issued a security advisory for OpenClaw, a personal AI assistant, detailing multiple critical vulnerabilities. The advisory highlights risks including elevated privileges, arbitrary code execution, and denial-of-service attacks, with a CVSS base score of 8.8.
What changed
CERT-Bund has issued a security advisory (WID-SEC-2026-0884) concerning multiple critical vulnerabilities in the OpenClaw AI assistant, affecting versions up to 2026.3.24. The vulnerabilities, rated with a high CVSS base score of 8.8, allow attackers to gain extended privileges (including administrator rights), execute arbitrary code, bypass security measures, manipulate data, disclose confidential information, and cause denial-of-service conditions.
Users of OpenClaw, particularly those running it on UNIX-like operating systems, are advised to update to a patched version as soon as it becomes available. While no specific mitigation is provided, the advisory implies that applying updates will resolve these critical security issues. Failure to address these vulnerabilities could lead to significant data breaches and system compromise.
What to do next
- Update OpenClaw to a patched version once available
- Review system logs for signs of compromise
Source document (simplified)
[WID-SEC-2026-0884] OpenClaw: Multiple vulnerabilities
- CVSS Base Score: 8.8 (high)
- CVSS Temporal Score: 8.1 (high)
- Remote attack: yes
- Date: 26.03.2026
- Last updated: 27.03.2026
- Mitigation: no
Affected systems
Operating system
- Other
- UNIX
Product description
OpenClaw is a personal AI assistant that runs on the user's own devices.
Products
26.03.2026
- Open Source OpenClaw <=2026.3.24
Attack
An attacker can exploit multiple vulnerabilities in OpenClaw to gain elevated privileges, including administrator rights, execute arbitrary code, bypass security measures, manipulate data, disclose confidential information, cause a denial-of-service condition, or carry out other, unspecified attacks.