OpenClaw Critical Vulnerabilities, CVSS 9.1, Remote Attacks
Summary
CERT-Bund issued a security advisory WID-SEC-2026-1253 disclosing multiple critical vulnerabilities in OpenClaw, an open-source personal AI assistant for self-hosted devices. The vulnerabilities carry a CVSS Base Score of 9.1 (critical) and a CVSS Temporal Score of 7.9 (high), with remote attack confirmed. Affected version: Open Source OpenClaw prior to version 2026.4.22. Organizations running OpenClaw on UNIX or other operating systems should assess exposure and apply available mitigations immediately.
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund published advisory WID-SEC-2026-1253 identifying multiple critical vulnerabilities in OpenClaw, an open-source personal AI assistant. The CVSS Base Score of 9.1 and confirmed remote attack vector place this among the most severe software vulnerabilities currently tracked. The affected product is Open Source OpenClaw before version 2026.4.22, running on UNIX and other operating systems.
Organizations and individuals running OpenClaw should verify their installed version against the 2026.4.22 threshold, apply available mitigations referenced in the advisory, and monitor for updates from the OpenClaw project maintainers. Given the critical severity and confirmed remote exploitability, unpatched instances face a high risk of security-bypass, data-exposure, or data-manipulation attacks.
Archived snapshot
Apr 24, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1253] OpenClaw: Mehrere Schwachstellen CVSS Base Score 9.1 (kritisch) CVSS Temporal Score 7.9 (hoch) Remoteangriff ja Datum 23.04.2026 Stand 24.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.
Produkte
23.04.2026
- Open Source OpenClaw <2026.4.22
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten offenzulegen oder zu manipulieren oder andere, nicht näher spezifizierte Angriffe durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Parties
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.