Four critical vulnerabilities in the OpenClaw AI agent, collectively called Claw Chain, allow attackers to bypass security boundaries, install persistent backdoors, and chain exploits to steal data and gain administrator access. The most severe flaw is CVE-2026-44112 with a CVSS score of 9.6. All versions prior to 2026.4.22 are affected, and the fixed version is 2026.4.22.
AI/ML 4 vulnerabilities in OpenClaw AI agent put thousands of servers at risk May 18, 2026 Share By SC Staff (Credit: sdx15 – stock.adobe.com) A collection of four security vulnerabilities discovered in the popular autonomous AI agent OpenClaw has put thousands of servers at risk, according to a recent report by HackRead. The vulnerabilities, collectively known as Claw Chain, were found by security experts at Cyera and affect all versions of OpenClaw released before April 23, 2026. The most critical flaw, CVE-2026-44112, has a severity score of 9.6 out of 10 and allows attackers to bypass security boundaries and install permanent backdoors. This can be combined with other high-severity vulnerabilities, such as CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118, to steal private data, swap safe file paths with symbolic links, leak sensitive information like API keys, and bypass identity checks to gain administrator access. These flaws enable cybercriminals to use AI agents as undetectable tools for accessing internal systems. With an estimated 65,000 to 180,000 OpenClaw servers publicly accessible in May 2026, businesses may face significant risks. Patches were released on April 23, 2026, and immediate updates and password changes are recommended. Source: HackRead An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More SC Staff Related AI benefits/risks AI can accelerate microsegmentation, but it cannot govern policy David Brown May 18, 2026 Here’s the case for looking at policy governance as its own discipline. AI/ML Researchers bypass Apple’s M5 security with AI-powered macOS exploit SC Staff May 15, 2026 Researchers from Calif utilized Anthropic's Mythos Preview AI to chain two previously unknown bugs and several techniques, ultimately creating a functional exploit for Apple's M5 chip. AI/ML Permiso launches AI agent runtime security SC Staff May 15, 2026 The new capabilities extend Permiso’s unified identity platform to address the growing challenge of securing AI agents, which are increasingly making autonomous decisions and interacting with various systems without direct human oversight. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds