OpenClaw Watch

CVE-2026-25253 et al. + CVE-32922 + CVE-2026-34426 + CVE-2026-33579 + new v2026.3.28 vuln + ClawHavoc malware surge + 12-attack probe + NemoClaw security boosts + 360 Intelligence vulns + CVE-2026-33017 + Gary Marcus critiques

Key Questions

What is the new frightening vulnerability in OpenClaw?

A critical vulnerability in OpenClaw versions prior to 2026.3.28 allows attackers to gain unauthorized access, so an immediate upgrade is required. Related CVEs include CVE-2026-25253, CVE-32922, CVE-2026-34426, CVE-2026-33579, and CVE-2026-33017, the last of which has been added to CISA's catalog.

Which OpenClaw version should users upgrade to immediately?

Users must update to version 2026.3.28 or later to patch the vulnerability. Newer versions like v2026.4.5+ include additional mitigations such as ClawSecure, Docker, Tailscale, and OpenClawd.

What is ClawHavoc malware?

ClawHavoc is a malware campaign targeting OpenClaw through 539 malicious skills in ClawHub that appear legitimate. It coincides with CertiK reporting over 100 CVEs and no-authentication exposure in 63% of skills.

What did Gary Marcus say about OpenClaw risks?

Gary Marcus criticized the Y Combinator head for being blind to OpenClaw's security risks amid ongoing vulnerabilities and malware surges. He highlighted persistent dangers despite patches, as shown in 12 live attack scenarios on top models.

What security features has Nvidia added for NemoClaw?

Nvidia's NemoClaw introduces sandboxing, guardrails, ClawSecure, Docker, Tailscale, and OpenClawd mitigations in versions v2026.4.5+. These aim to boost security and privacy for AI agents amid NemoClaw bugs.

What fixes did 360 Intelligence provide for OpenClaw?

360 Intelligence discovered and addressed high- and medium-severity vulnerabilities in OpenClaw. Their fixes are part of the push to upgrade to v2026.3.28.

What do the 12-attack probe results show for OpenClaw?

Live tests of 12 real attack scenarios on top OpenClaw models reveal persistent risks even after patches. This underscores the need for ongoing vigilance and upgrades.

What mitigations are recommended for OpenClaw security?

Recommended mitigations include ClawVet, OpenClawd verified skill screening, ClawSecure, Docker, Tailscale, and sandboxing in v2026.4.5+. Users should also audit deployments as warned in executive briefings.

New frightening vuln demands immediate upgrade to v2026.3.28; 12 real attack scenarios tested live on top models highlight persistent risks despite patches.

Gary Marcus slams YC head blind to OpenClaw risks amid ClawHavoc 539 mal skills / CertiK 100+ CVEs / 63% no-auth exposure / NemoClaw bugs / China alerts / Saccone.

360 high/med fixes; CISA CVE-2026-33017.

Nvidia NemoClaw sandbox/guardrails/ClawSecure/Docker/Tailscale/OpenClawd mitigations v2026.4.7+; ClawVet.

Sources (25)
Updated Apr 8, 2026