OpenClaw Tech Briefs

CVE-2026-25253/32915/32919/32979/32922/33579/34511/SB2026033182 & ClawHub/TroyDen/CertiK/SlowMist/GhostClaw/Tsinghua-Ant/CNIPA/ClawJacked + New Guidance Injection + Admin Takeover/CISA CVE-2026-33017

Key Questions

What is the main vulnerability discussed in Highlight [hcve2026-25253]?

The highlight covers multiple CVEs in OpenClaw, including a new silent admin takeover vulnerability allowing attackers to seize full administrative control. It also addresses guidance injection via ClawHub as detailed in Shanghai Jiao Tong's arXiv paper, and CISA's CVE-2026-33017 on GitHub risks.

Which CVEs are tracked in this highlight?

Key CVEs include CVE-2026-25253, 32915, 32919, 32979, 32922, 33579, 34511, and SB2026033182, along with CISA CVE-2026-33017. CVE-2026-33579 exposed 135k items, with vulnerabilities reported by ClawHub, TroyDen, CertiK, SlowMist, GhostClaw, Tsinghua-Ant, CNIPA, and ClawJacked.

What patches are recommended for these OpenClaw vulnerabilities?

Patches are available in OpenClaw versions v3.11+ and v4.2+. DefenseClaw is urged as an urgent mitigation measure.

What is guidance injection in the context of ClawHub?

Guidance injection is a new attack vector on OpenClaw and similar AI agents, infecting them with 'malicious skills' as per Shanghai Jiao Tong's arXiv research on ClawHub. It enables prompt injection and other exploits.

What risks does CISA highlight regarding GitHub and OpenClaw?

CISA's CVE-2026-33017 warns of GitHub risks associated with OpenClaw, including potential exposures from repo-level security advisories tracked by jgamblin/OpenClawCVEs.

How many vulnerabilities have SlowMist and CertiK identified?

SlowMist reported 341 vulnerabilities, while CertiK identified over 820, with 41% of OpenClaw instances affected.

What regulatory warnings exist for OpenClaw in China?

CNIPA warns against using AI agents like OpenClaw for drafting patent applications due to risks. Additional concerns include prompt injection, SSH issues, and ISACA governance gaps.

What is the impact of CVE-2026-34511?

CVE-2026-34511 in OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Because the verifier is the secret that proves the client which started the flow is the one redeeming the authorization code, carrying it in the redirect URL (where it lands in browser history, referrers and proxy or server logs) undermines the protection PKCE is meant to give against authorization-code interception.
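The verifier-as-state reuse described above, as an added example that is not OpenClaw's code or the Gemini OAuth implementation: the vulnerable pattern beside the corrected one (independent random `state`, verifier kept only in the local session), plus a check that the verifier never appears as a query value in the authorization or redirect URL. The endpoint, client id and the authorization-server redirect are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://auth.example.invalid/authorize"  # placeholder, not the real endpoint


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def start_flow(client_id: str, redirect_uri: str, reuse_verifier_as_state: bool):
    """Build the authorization URL and the client-side session record.
    True reproduces the pattern described for CVE-2026-34511 (state = PKCE verifier);
    False is the corrected form: independent random state, verifier kept in the session only."""
    verifier = b64url(secrets.token_bytes(32))                      # RFC 7636 code_verifier
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())  # S256 code_challenge
    state = verifier if reuse_verifier_as_state else b64url(secrets.token_bytes(16))
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "code_challenge": challenge, "code_challenge_method": "S256", "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", {"verifier": verifier, "state": state}


def authorization_server_redirect(auth_url: str) -> str:
    """Constructed stand-in for the server: echoes state back on the redirect URL."""
    q = parse_qs(urlparse(auth_url).query)
    return q["redirect_uri"][0] + "?" + urlencode({"code": "constructed-code", "state": q["state"][0]})


def verifier_exposed(url: str, session: dict) -> bool:
    """Defender check: the PKCE verifier must never appear as a query value in any URL."""
    values = {v for vs in parse_qs(urlparse(url).query).values() for v in vs}
    return session["verifier"] in values


def check_flow(reuse_verifier_as_state: bool) -> dict:
    """Run one flow and report where the verifier shows up and whether state round-trips."""
    auth_url, session = start_flow("client-id", "https://app.example.invalid/cb", reuse_verifier_as_state)
    redirect_url = authorization_server_redirect(auth_url)
    state_back = parse_qs(urlparse(redirect_url).query)["state"][0]
    return {"leaks_in_auth_url": verifier_exposed(auth_url, session),
            "leaks_in_redirect": verifier_exposed(redirect_url, session),
            "state_matches": state_back == session["state"]}
```

Running `check_flow(True)` reports the verifier leaking in both URLs, while `check_flow(False)` reports no leak with the state still round-tripping correctly.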

Shanghai Jiao Tong arXiv on ClawHub guidance injection; new silent admin takeover vuln; CISA CVE-2026-33017 GitHub risks; CVE-2026-33579 (135k exposed); SlowMist 341/CertiK 820+/41% vulns. Patches v3.11+/4.2+; DefenseClaw urgent; China regs/prompt inj/SSH/ISACA gaps.

Updated Apr 8, 2026