OpenClaw Dev Essentials

OpenClaw releases & security (v2026.3.11→v2026.3.13, CVE-2026-22171/25253) — exploits active

Key Questions

What are the recent OpenClaw releases and associated security updates?

OpenClaw has released versions from v2026.3.11 to v2026.3.13, addressing vulnerabilities including the new CVE-2026-22171 for path traversal alongside existing RCE issues. Urgent patches are recommended due to active exploits.

What is CVE-2026-22171 in OpenClaw?

CVE-2026-22171 is a path traversal vulnerability that adds to OpenClaw's existing RCE issues and other CVEs. It heightens risk as the project grows, with over 200K GitHub stars.

What security threats persist in OpenClaw despite its popularity?

Prompt-injection attacks affect around 4,000 machines, and ClawHavoc malware taints approximately 1,184 skills. The Chronicle tracker helps with audits to mitigate these issues.

What is ClawHavoc and how does it impact OpenClaw?

ClawHavoc is a malware campaign targeting OpenClaw via tainted skills, with about 1,184 skills affected according to reports. It persists alongside other exploits such as prompt injection.

How can users address OpenClaw security risks?

Apply urgent patches from the latest releases (v2026.3.13), use the Chronicle tracker for audits, and stay informed via CVE alerts like CVE-2026-32042. New Claude updates are also noted to counter OpenClaw threats.

Summary: The new CVE-2026-22171 (path traversal) adds to the existing RCE issues and other CVEs amid the recent releases. More than 200K GitHub stars fuel growth, but prompt injection (~4k machines) and ClawHavoc (~1,184 tainted skills) persist. The Chronicle tracker aids audits, and urgent patches are needed.

Updated Mar 22, 2026