Ethical Hacking News
Researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed "Claw Chain" by Cyera, highlight the importance of frequent software updates and responsible disclosure within the cybersecurity community.
Cybersecurity researchers have identified four security flaws in OpenClaw, an AI-powered cybersecurity solution. The vulnerabilities, known as "Claw Chain," allow for data theft, privilege escalation, and persistence. The most critical vulnerability, CVE-2026-44118, stems from trusting a client-controlled ownership flag without validating it. Successful exploitation of the vulnerabilities can lead to establishing a foothold, exposing sensitive data, and planting backdoors. Users are advised to update to stay protected against potential threats. The discovery highlights the importance of frequent software updates and responsible disclosure in ensuring user data integrity and system security.
Cybersecurity researchers have recently disclosed a set of four security flaws in OpenClaw, an AI-powered cybersecurity solution, that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed "Claw Chain" by Cyera, a cybersecurity company, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors.
These four security flaws in OpenClaw have garnered significant attention from the cybersecurity community due to their potential impact on user data and system integrity. The vulnerabilities include: CVE-2026-44112 (CVSS score: 9.6/6.3), CVE-2026-44113 (CVSS score: 7.7/6.3), CVE-2026-44115 (CVSS score: 8.8), and CVE-2026-44118 (CVSS score: 7.8).
Cyera has stated that successful exploitation of CVE-2026-44112 could allow an attacker to tamper with configuration, plant backdoors, and establish persistent control over the compromised host, whereas CVE-2026-44113 could be weaponized to read system files, credentials, and internal artifacts.
The exploitation chain unfolds over four steps:
1. A malicious plugin, prompt injection, or compromised external input gains code execution inside the OpenShell sandbox.
2. Leveraging CVE-2026-44113 and CVE-2026-44115 enables exposure of sensitive data such as user credentials, secrets, and internal files.
3. Exploiting CVE-2026-44118 allows obtaining owner-level control over the agent runtime.
4. Finally, using CVE-2026-44112 enables planting backdoors or making configuration changes and setting up persistence.
The root cause of CVE-2026-44118 is that OpenClaw trusted a client-controlled ownership flag called senderIsOwner, which signals whether the caller is authorized to use owner-only tools, without validating it against the authenticated session. The flaw was addressed in OpenClaw version 2026.4.22 following responsible disclosure.
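The pattern behind CVE-2026-44118, an authorization decision made on a field the caller wrote, is easier to see in a small gateway. The following is an added example and is not OpenClaw's code: a constructed tool-dispatch routine that trusts a client-supplied senderIsOwner flag, next to a version that derives ownership from the authenticated session and treats a mismatching client claim as an audit signal. Every name apart from senderIsOwner (the tool names, the session store, the role labels, the function names) is an assumption made for the example.

```javascript
// Added example, not OpenClaw's code. Demonstrates why a client-supplied
// authorization flag (senderIsOwner) must never decide access, and how a
// server-side check derived from the authenticated session replaces it.
// All identifiers except `senderIsOwner` are constructed for this example.

// Hypothetical set of tools that only the agent owner may call.
const OWNER_ONLY_TOOLS = new Set(["config.write", "plugin.install"]);

// Hypothetical authenticated session store: session id -> principal.
// In a real gateway this is populated at login, never from request bodies.
const SESSIONS = new Map([
  ["sess-owner", { principal: "alice", roles: ["owner"] }],
  ["sess-guest", { principal: "mallory", roles: ["user"] }],
]);

// Vulnerable dispatch: the owner check reads a field the caller controls.
function dispatchVulnerable(sessionId, msg) {
  if (!SESSIONS.has(sessionId)) return { ok: false, reason: "unauthenticated" };
  if (OWNER_ONLY_TOOLS.has(msg.tool) && !msg.senderIsOwner) {
    return { ok: false, reason: "owner-only tool" };
  }
  return { ok: true, tool: msg.tool };
}

// Hardened dispatch: ownership is a server-side fact about the session.
// The client flag is ignored for the decision; it is only compared against
// the derived value so that forged claims show up in the audit log.
function dispatchHardened(sessionId, msg, audit = []) {
  const session = SESSIONS.get(sessionId);
  if (!session) return { ok: false, reason: "unauthenticated" };

  const isOwner = session.roles.includes("owner");

  // Detection hook: a caller asserting ownership it does not hold.
  if ("senderIsOwner" in msg && Boolean(msg.senderIsOwner) !== isOwner) {
    audit.push({
      event: "ownership_flag_mismatch",
      principal: session.principal,
      claimed: Boolean(msg.senderIsOwner),
      derived: isOwner,
      tool: msg.tool,
    });
  }

  if (OWNER_ONLY_TOOLS.has(msg.tool) && !isOwner) {
    return { ok: false, reason: "owner-only tool" };
  }
  return { ok: true, tool: msg.tool };
}

// Demonstration on constructed input: a non-owner session sends a message
// with senderIsOwner set to true for an owner-only tool.
function demo() {
  const forged = { tool: "config.write", senderIsOwner: true };
  const audit = [];
  return {
    vulnerable: dispatchVulnerable("sess-guest", forged), // accepted
    hardened: dispatchHardened("sess-guest", forged, audit), // denied
    ownerHardened: dispatchHardened("sess-owner", { tool: "config.write" }),
    audit, // one ownership_flag_mismatch record
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The hardened version is deliberately indifferent to whatever the client sends in senderIsOwner; the only server-side input to the decision is the session looked up by its id. Logging the mismatch, rather than silently dropping the field, gives defenders a concrete event to alert on when a plugin or injected input tries to claim owner privileges.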
Security researcher Vladimir Tokarev has been credited with discovering and reporting the issues. Users are advised to update to the latest version of OpenClaw to stay protected against potential threats.
The discovery of these four security flaws in OpenClaw highlights the importance of frequent software updates and responsible disclosure within the cybersecurity community. As AI-powered solutions become increasingly prevalent, the potential for vulnerability chains like the one described by Cyera underscores the need for rigorous testing and validation procedures to ensure the integrity of user data and system security.
Related Information:
https://www.ethicalhackingnews.com/articles/OpenClaw-Flaws-Exposed-A-Critical-Vulnerability-Chain-Enabling-Data-Theft-and-Privilege-Escalation-ehn.shtml
https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html
https://nvd.nist.gov/vuln/detail/CVE-2026-44112
https://www.cvedetails.com/cve/CVE-2026-44112/
https://nvd.nist.gov/vuln/detail/CVE-2026-44113
https://www.cvedetails.com/cve/CVE-2026-44113/
https://nvd.nist.gov/vuln/detail/CVE-2026-44115
https://www.cvedetails.com/cve/CVE-2026-44115/
https://nvd.nist.gov/vuln/detail/CVE-2026-44118
https://www.cvedetails.com/cve/CVE-2026-44118/
Published: Fri May 15 11:52:45 2026 by llama3.2 3B Q4_K_M