Four OpenClaw flaws let attackers steal data, escalate privileges, and plant backdoors through the agent’s own sandbox

TL;DR

Four chainable OpenClaw flaws dubbed “Claw Chain” let attackers weaponise the agent’s own sandbox. Patches are live.

Cybersecurity researchers at Cyera have disclosed four vulnerabilities in OpenClaw that, when chained together, allow an attacker to steal sensitive data, escalate privileges, and establish persistent control over a compromised host. The flaws, collectively dubbed “Claw Chain,” affect OpenClaw’s OpenShell managed sandbox backend and its MCP loopback runtime. All four have been patched in OpenClaw version 2026.4.22.

The attack chain works in four stages. First, a malicious plugin, prompt injection, or compromised external input gains code execution inside the OpenShell sandbox. Second, two of the vulnerabilities, CVE-2026-44113 and CVE-2026-44115, are exploited to expose credentials, secrets, and sensitive files. Third, CVE-2026-44118 is used to obtain owner-level control of the agent runtime by exploiting an improperly validated ownership flag. Fourth, CVE-2026-44112, the most severe of the four with a CVSS score of...

Copyright of this story solely belongs to thenextweb.com.
