INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Claw Chain Vulnerabilities Put AI Servers at Risk
2026-05-16 09:16 CRITICAL HIGH
Executive Summary (AI-generated)
The recent discovery of four critical vulnerabilities in the popular autonomous AI agent OpenClaw has put thousands of servers at risk. These flaws, dubbed Claw Chain, work together to exploit a timing error in the OpenShell sandbox system and can be chained to achieve data theft, privilege escalation, and persistence. Experts warn that these issues are widespread, with between 65,000 and 180,000 affected servers connected to the public internet. Researchers at Cyera discovered and reported Claw Chain, and patches released on April 23, 2026 fix some of the issues.
Technical Mitigations AI-generated
* Implement secure patching and updates: Ensure that all OpenClaw servers connected to the public internet have the April 23, 2026 patches applied. This will prevent hackers from exploiting the vulnerabilities.
* Use strong authentication and authorization mechanisms: Implement robust authentication and authorization protocols to ensure that only authorized users can access sensitive data or systems.
* Regularly monitor system logs and network traffic: Continuously monitor system logs and network traffic for suspicious activity, which could indicate a compromised OpenClaw server. This will help detect potential security breaches early on.
* Implement secure file system permissions and access controls: Ensure that all files are properly secured with restricted access control lists (ACLs) to prevent unauthorized data theft or privilege escalation.
* Use encryption and secure communication protocols: Implement end-to-end encryption for sensitive communications, such as messaging apps like Telegram, and use secure communication protocols like HTTPS/SSL/TLS.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-44115
CVE-2026-44118
CVE-2026-44113
CVE-2026-44112
Target & Sectors
Global Scope
Incident Timeline
late 2025
Threat actors exploited four distinct vulnerabilities in the OpenClaw AI server, which was originally launched under the name Clawdbot.
April 23, 2026
Threat actors exploited a timing error in the OpenShell sandbox system to target thousands of OpenClaw AI servers.
organisation
API
One of them, CVE-2026-44115, has a severity score of 8.8 and leaks secret internal settings, API keys, and password tokens because of a gap in how commands are checked before they run.
organisation
OpenShell
It is a timing error in the OpenShell sandbox system (a restricted security environment that safely isolates running programs).
organisation
Hackread.com
Expert’s Insights
In a comment shared with Hackread.com, Justin Fier, Senior Vice President of Offensive Security at Darktrace, noted that tools like OpenClaw are risky even without specific vulnerabilities because they have broad access to filesystems and command lines.
organisation
IAM
He concluded that to a security operations centre, an agent may look like a legitimate human user, meaning defenders must know “whether it was the person, the agent acting on that person’s behalf, or an attacker abusing the agent,” and cautioned that “organizations need a strong IAM foundation before they give agentic tools broad access.”
April 23, 2026
Threat actors exploited a critical 'Claw Chain' vulnerability in OpenClaw AI servers to target all versions of the software released before April 23, 2026.
organisation
Claw Chain
As per the findings from researchers at Cyera, who discovered and reported Claw Chain, the issues affect all versions of OpenClaw released before the April 23, 2026, patches.
May 15, 2026
Threat actors exploited four critical 'Claw Chain' vulnerabilities in OpenClaw AI servers to gain unauthorized access and control.
tactic
Privilege Escalation
Ravie Lakshmanan
May 15, 2026
Vulnerability / AI Security
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.
2026/05/16
Threat actors used CVE-2026-44118 to obtain owner-level control of the agent runtime.
organisation
Leverage CVE-2026-44113
Leverage CVE-2026-44113 and CVE-2026-44115 to expose credentials, secrets, and sensitive files.
organisation
Exploit CVE-2026-44118
Exploit CVE-2026-44118 to obtain owner-level control of the agent runtime.
organisation
OpenClaw
A collection of security vulnerabilities in the popular autonomous AI agent OpenClaw has put thousands of servers at risk.
organisation
Telegram
OpenClaw helps businesses automate tasks by connecting smart computer programs directly to internal files, messaging apps like Telegram, and office systems like Microsoft Agent 365.
organisation
OpenShell
A time-of-check/time-of-use (TOCTOU) race condition vulnerability in the OpenShell managed sandbox backend that allows attackers to bypass sandbox restrictions and redirect writes outside the intended mount root.
organisation
Flaws Enable Data Theft, Privilege Escalation
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence.
infrastructure
2026.4.22
Following responsible disclosure, all four vulnerabilities have been addressed in OpenClaw version 2026.4.22.
organisation
MCP
"The MCP loopback runtime now issues separate owner and non-owner bearer tokens and derives senderIsOwner exclusively from which token authenticated the request," OpenClaw said in an advisory detailing the fixes for the flaw.
May 2026
Threat actors exploited critical 'Claw Chain' vulnerabilities in thousands of OpenClaw AI servers connected to the public internet.
infrastructure
65,000 OpenClaw servers
Fixing the Issues
The threat is widespread, given that in May 2026, research showed between 65,000 and 180,000 OpenClaw servers connected to the public internet.
Intelligence Sources
The Hacker News
2026-05-15
HackRead
2026-05-16
Incident Version History
CURRENT VERSION
Last Updated: 2026-05-17T06:03
Comprehensive Tactical Telemetry
Highly Correlated Entities
* 17x: API (organisation, Identified Entity)
* 5x: April 23, 2026 (timeline, Temporal Reference)
* 4x: CVE-2026-44112 (vulnerability, Exploited CVE)
* 3x: Privilege Escalation (tactic, Cyber Operation Type)
* 2x: 9 (general metric, Cve-2026 Cvss Score)
Contextual Telemetry
Context Block: 5 METRICS
* CVSS Score: 8 (vulnerability)
* MITRE ATT&CK Technique: T1588.006 - Vulnerabilities (tactic)
* Microsoft Agent: 365 (general metric)
* Openclaw Servers: 65,000 (infrastructure)
* Software Version: 2026.4.22 (infrastructure)