
OpenClaw Vulnerabilities

CERT-Bund Security Advisories
Published March 24th, 2026
Detected March 25th, 2026

Summary

CERT-Bund has issued a security advisory for OpenClaw, detailing multiple critical vulnerabilities with a CVSS score of 9.9. These vulnerabilities allow for remote code execution, privilege escalation, data manipulation, and denial-of-service attacks. A mitigation is available.

What changed

CERT-Bund has released a critical security advisory (WID-SEC-2026-0856) concerning multiple vulnerabilities in OpenClaw, a personal AI assistant designed to run on the user's own devices. The vulnerabilities carry a CVSS Base Score of 9.9 (critical) and a Temporal Score of 8.6 (high). Exploitation allows remote attackers to execute arbitrary code, gain administrator privileges, manipulate data, bypass security measures, disclose confidential information, or cause denial-of-service conditions.

Users of OpenClaw, particularly those running versions prior to 2026.3.22 on Linux or UNIX operating systems, are strongly advised to apply the available mitigation. Failure to do so could result in severe security breaches, up to and including complete system compromise. The advisory states that a mitigation is available; users should consult the linked CVE information and version history for specific instructions.

What to do next

  1. Apply available mitigation for OpenClaw
  2. Update OpenClaw to version 2026.3.22 or later
  3. Review system security for Linux and UNIX environments running OpenClaw

Source document (simplified)

[WID-SEC-2026-0856] OpenClaw: Multiple vulnerabilities. CVSS Base Score 9.9 (critical); CVSS Temporal Score 8.6 (high); Remote attack: yes; Date 24.03.2026; Last updated 25.03.2026; Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

OpenClaw is a personal AI assistant designed to run on the user's own devices.

Products

24.03.2026
- Open Source OpenClaw <2026.3.22

Attack

An attacker can exploit multiple vulnerabilities in OpenClaw to execute arbitrary code, gain elevated privileges (including administrator rights), manipulate data, bypass security measures, disclose confidential information, cause a denial-of-service condition, or carry out other, unspecified attacks.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 24th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: WID-SEC-2026-0856

Who this affects

Industry sector: 5112 Software & Technology
Activity scope: Software Security Vulnerability Management
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Software Vulnerabilities; AI Assistants
