OpenClaw AI Assistant Multiple Vulnerabilities, CVSS 6.5
Summary
CERT-Bund issued security advisory WID-SEC-2026-1242 disclosing multiple vulnerabilities in OpenClaw, a self-hosted personal AI assistant, affecting versions prior to 2026.4.21. An attacker can exploit these vulnerabilities to bypass security measures or disclose confidential information. The CVSS Base Score is 6.5 (medium) and the Temporal Score is 5.7 (medium). Remote attack is possible. Affected organizations should update to version 2026.4.21 or apply available mitigation measures.
“Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder vertrauliche Informationen offenzulegen.”
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund published security advisory WID-SEC-2026-1242 disclosing multiple vulnerabilities in OpenClaw, a personal AI assistant for self-hosted devices, affecting versions prior to 2026.4.21. An attacker with remote access can exploit these vulnerabilities to bypass security precautions or disclose confidential information. The advisory carries a CVSS Base Score of 6.5 (medium) and Temporal Score of 5.7 (medium), with remote attack capability confirmed.
Organizations running OpenClaw should immediately inventory their installations and update to version 2026.4.21 or later. Where immediate updating is not feasible, available mitigation measures should be applied without delay to reduce exposure to remote exploitation and potential information disclosure.
Archived snapshot
Apr 23, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1242] OpenClaw: Mehrere Schwachstellen CVSS Base Score 6.5 (mittel) CVSS Temporal Score 5.7 (mittel) Remoteangriff ja Datum 22.04.2026 Stand 23.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.
Produkte
22.04.2026
- Open Source OpenClaw <2026.4.21
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder vertrauliche Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.