
OpenClaw AI Assistant Vulnerabilities

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 16th, 2026
Detected March 17th, 2026

Summary

CERT-Bund has issued a security advisory for OpenClaw, an AI assistant, detailing multiple vulnerabilities with a high CVSS base score of 8.1. The advisory urges users to mitigate the risks associated with privilege escalation and confidential information disclosure.

What changed

CERT-Bund has released Security Advisory WID-SEC-2026-0743 concerning multiple vulnerabilities in OpenClaw, a personal AI assistant designed for on-premise execution. The vulnerabilities, rated with a high CVSS Base Score of 8.1, allow attackers to escalate privileges and disclose confidential information. The affected product is Open Source OpenClaw in versions before 2026.3.13 (listed as <2026.3.13), and the advisory impacts systems running on UNIX-like operating systems.

Users of OpenClaw are advised to implement mitigation strategies to address these security risks. While specific mitigation details are not provided in this summary, the advisory indicates that mitigation is available. The advisory highlights the potential for remote attacks, emphasizing the need for prompt action to protect against unauthorized access and data breaches. Further information and updates can be found via the provided CVE and information links.

What to do next

  1. Review OpenClaw version for potential vulnerabilities.
  2. Implement available mitigation strategies as recommended by CERT-Bund.
  3. Monitor for updated versions or further security guidance from CERT-Bund.

Source document (simplified)

[WID-SEC-2026-0743] OpenClaw: Multiple vulnerabilities

CVSS Base Score
8.1 (high)
CVSS Temporal Score
7.1 (high)
Remote attack
yes
Date
16.03.2026
Updated
17.03.2026
Mitigation
yes

Affected systems

Operating system

  • Other
  • UNIX

Product description

OpenClaw is a personal AI assistant for running on one's own devices.

Products

16.03.2026
- Open Source OpenClaw <2026.3.13

Attack

An attacker can exploit multiple vulnerabilities in OpenClaw to escalate their privileges and to disclose confidential information.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Manufacturers, Technology companies
Geographic scope
de

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Artificial Intelligence, Product Safety
