OpenClaw Security Vulnerability Allows Bypass of Security Measures
Summary
CERT-Bund issued security advisory WID-SEC-2026-1174 disclosing a medium-severity vulnerability (CVSS Base Score 6.5) in OpenClaw, an open-source personal AI assistant. The vulnerability allows a remote, authenticated attacker to bypass security measures. Affected versions are Open Source OpenClaw prior to version 2026.4.12, running on Linux, UNIX, Windows, and other operating systems.
“A remote, authenticated attacker can exploit a vulnerability in OpenClaw to bypass security measures.”
Organizations deploying OpenClaw internally or offering it as part of a managed service should inventory all instances and confirm whether they are running versions prior to 2026.4.12. The advisory rates the issue medium (CVSS 6.5) and confirms it is remotely exploitable, so affected deployments should treat it as a near-term patching priority. Note that the attacker must be authenticated: until instances are updated, limiting who can authenticate to OpenClaw and where it is reachable from reduces exposure.
What changed
CERT-Bund published a security advisory for OpenClaw versions prior to 2026.4.12, identifying a medium-severity vulnerability that enables a remote, authenticated attacker to bypass security measures. The CVSS Base Score is 6.5 (medium) with a Temporal Score of 5.7. Mitigation measures are available.
Organizations and individuals running OpenClaw on Linux, UNIX, Windows, or other operating systems should verify their installed version and apply the available mitigation or update to version 2026.4.12 or later. As the software runs on users' own devices, the update responsibility falls on device owners and any enterprises distributing or deploying this AI assistant.
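The inventory check the advisory calls for reduces to comparing each installed version against 2026.4.12. The following is an added example, not code from CERT-Bund or the OpenClaw project; it assumes OpenClaw reports its version in the dotted numeric form the advisory uses (for example "2026.4.12") and uses a constructed sample inventory, since the advisory does not say how a deployment exposes its version. It shows why the comparison must be numeric: a plain string comparison ranks "2026.4.9" above "2026.4.12" and would miss an affected host.

```python
"""Flag OpenClaw installs below the fixed version named in WID-SEC-2026-1174.

Added example, not code from CERT-Bund or the OpenClaw project. Assumes
OpenClaw versions are dotted numeric strings like the advisory's "2026.4.12";
how a given deployment exposes its version is not described in the advisory
and must be adapted locally (hypothetical inventory below).
"""
from __future__ import annotations

FIXED_VERSION = "2026.4.12"  # first version the advisory does not list as affected


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '2026.4.12' into (2026, 4, 12).

    Numeric parsing matters: as strings, '2026.4.9' > '2026.4.12' because
    '9' > '1', so a lexicographic check would report the older build as safe.
    """
    parts = v.strip().lstrip("v").split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError as exc:
        raise ValueError(f"unparseable OpenClaw version: {v!r}") from exc


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when 'version' is older than the fixed release (< 2026.4.12)."""
    return parse_version(version) < parse_version(fixed)


def affected_hosts(inventory: dict[str, str]) -> list[str]:
    """Return the hosts whose OpenClaw version is below the fix, sorted by name."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "laptop-01": "2026.4.9",
    "laptop-02": "2026.4.12",
    "build-box": "2026.3.30",
    "dev-vm": "2026.5.1",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: OpenClaw {SAMPLE_INVENTORY[host]} < {FIXED_VERSION}, update required")
```

Feed `affected_hosts` whatever your asset inventory or endpoint agent returns for OpenClaw versions; any value that does not parse raises rather than silently passing, so unknown builds surface for manual review instead of being counted as patched.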
Archived snapshot
Apr 20, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1174] OpenClaw: Vulnerability allows bypass of security measures
- CVSS Base Score: 6.5 (medium)
- CVSS Temporal Score: 5.7 (medium)
- Remote attack: yes
- Date: 19.04.2026
- Last updated: 20.04.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
- Windows
Product description
OpenClaw is a personal AI assistant that runs on the user's own devices.
Products
19.04.2026
- Open Source OpenClaw <2026.4.12
Attack
A remote, authenticated attacker can exploit a vulnerability in OpenClaw to bypass security measures.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.