"Security experts have discovered tens of thousands of unsecured OpenClaw instances. The AI agents run vulnerable software versions and offer attackers access to systems. More than 12,000 instances are vulnerable to remote code execution. Researchers at SecurityScorecard have exposed a major security problem for the rapidly growing OpenClaw. Through internet scans, the team identified 28,663 unique IP addresses with exposed OpenClaw control panels spread across 76 countries."
"All vulnerabilities have been patched in version v2026.1.29 of January 29. However, the data show that most identified instances are running older versions. The Belgian Center for Cybersecurity recently warned about these critical vulnerabilities in OpenClaw, emphasizing that the agent requires access to root files, authentication data, and all system files. OpenClaw automatically uses the network binding 0.0.0.0:18789. This means that it listens on all network interfaces, including the public internet."
Internet scans identified 28,663 unique IP addresses with exposed OpenClaw control panels across 76 countries. Of those, 12,812 instances are vulnerable to remote code execution, enabling attackers to gain full control over host systems. A further 549 exposed instances correlate with previous data breaches and 1,493 are linked to known vulnerabilities. Three high-severity advisories describe CVE-2026-25253 (1-click RCE), CVE-2026-25157 (SSH command injection on macOS), and CVE-2026-24763 (Docker sandbox escape). Patches were released in v2026.1.29, but most instances run older versions. OpenClaw defaults to network binding 0.0.0.0:18789, exposing agents to the public internet and increasing risk.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]