OpenClaw Secure Builds

OpenClaw 3.13+ hotfixes address escalating CVEs and incidents

Key Questions

What is CVE-2026-22176 in OpenClaw?

CVE-2026-22176 is a command injection vulnerability affecting OpenClaw, adding to over 10 CVEs related to sandbox, ZIP, macOS, and OAuth issues. Immediate mitigation requires upgrading to version 2026.2.19 or later, which includes hotfixes for this CVE.

How frequently are hotfixes released for OpenClaw vulnerabilities?

Hotfixes are released weekly, with version 2026.2.19+ addressing the new CVE-2026-22176. Users should verify software provenance and audit integrations to mitigate risks like email deletions and live Chrome incidents.

What tool helps scan for OpenClaw vulnerabilities?

A Beijing tool scans for over 270 vulnerabilities related to OpenClaw. It supports ongoing detection amid escalating CVEs and incidents.

The new CVE-2026-22176 command injection adds to ~10+ CVEs (sandbox, ZIP, macOS, OAuth), and the risks of email deletions and live Chrome incidents persist. Hotfixes ship weekly, with 2026.2.19+ covering the new CVE; verify provenance and audit integrations. A Beijing tool scans for 270+ vulnerabilities.

Updated Mar 21, 2026