
Four OpenClaw Vulnerabilities Enable Data Theft and Privilege Escalation

In a nutshell: Four critical vulnerabilities in OpenClaw (CVE-2026-244115, CVE-2026-244112, CVE-2026.4-222, CVE-2026-44118) enable data theft, privilege escalation, and persistent network access. The vulnerabilities were patched in version 2026.4.22. An immediate update is recommended.

Security researchers have discovered four critical vulnerabilities in OpenClaw that can be exploited in combination for data theft, privilege escalation, and persistent network access. The vulnerability chain, referred to by Cyera as the "Claw Chain," allows attackers to inject backdoors and gain control of compromised systems.

Security researchers have uncovered four critical vulnerabilities in OpenClaw, collectively known as the “Claw Chain,” which enable attackers to steal data, escalate privileges, and obtain permanent access.

The vulnerabilities at a glance:

CVE-2026-244115 (CVSS Score: 8.8) – A time-of-check/time-of-use (TOCTOU) race condition in the OpenShell Sandbox that allows attackers to bypass sandbox restrictions and write data outside the intended directory.

CVE-2026-244112 (CVSS Score: 8.8) – A similar TOCTOU vulnerability that enables unauthorized reading of files outside the sandbox.

CVE-2026.4-222 (CVSS Score: 8.8) – Incomplete input validation that allows attackers to inject shell expansion tokens into heredoc constructs and execute unauthorized commands.

CVE-2026-44118 (CVSS Score: 7.8) – Faulty access control that allows non-owner clients to impersonate owners and escalate privileges.
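The heredoc issue above is a general shell pitfall, so here is an added example (not OpenClaw code and not from Cyera's write-up) showing why untrusted text wrapped in a heredoc must use a quoted delimiter, and why even that is insufficient unless the delimiter is guaranteed not to occur in the content. The delimiter name OPENCLAW_HEREDOC and the sample content are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not OpenClaw code: why untrusted text placed in a shell
# heredoc needs a quoted delimiter, plus a delimiter-collision check.

# Constructed untrusted content carrying shell expansion tokens.
UNTRUSTED='hello $(echo EXPANDED) and `echo TICKS`'

# Weak pattern: an unquoted delimiter makes the body subject to $var,
# $(cmd) and `cmd` expansion when the generated script runs.
run_unquoted() {
    script="cat <<EOF
$1
EOF"
    sh -c "$script"
}

# Better: a quoted delimiter ('EOF') keeps the body literal.
run_quoted() {
    script="cat <<'EOF'
$1
EOF"
    sh -c "$script"
}

# Still not enough: a content line equal to the delimiter ends the heredoc
# early and whatever follows runs as commands. Pick a delimiter that does
# not appear as a whole line in the content (the name is our own choice).
choose_delim() {
    d="OPENCLAW_HEREDOC"
    n=0
    while printf '%s\n' "$1" | grep -qxF "$d"; do
        n=$((n + 1))
        d="OPENCLAW_HEREDOC_$n"
    done
    printf '%s' "$d"
}

# Hardened: quoted delimiter chosen to avoid collisions with the content.
run_hardened() {
    d=$(choose_delim "$1")
    script="cat <<'$d'
$1
$d"
    sh -c "$script"
}
```

Run the three variants against the same content and compare the output: only run_hardened reproduces the input byte for byte in every case.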

The exploitation flow proceeds in four steps: First, attackers gain arbitrary code execution within the sandbox through malicious plugins or prompt injection. Next, the TOCTOU vulnerabilities are exploited to steal credentials and sensitive files. In the third step, CVE-2026-44118 is leveraged to assume owner privileges. Finally, CVE-2026-44112 enables backdoor injection and persistent control of the system.

OpenClaw version 2026.4.22 contains fixes for all four vulnerabilities. Security researcher Vladimir Tokarev is credited with discovering them. Users should update immediately.
