Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.

The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below -

CVE-2026-44112 (CVSS score: 9.6/6.3) - A time-of-check/time-of-use (TOCTOU) race condition vulnerability in the OpenShell managed sandbox backend that allows attackers to bypass sandbox restrictions and redirect writes outside the intended mount root.

CVE-2026-44113 (CVSS score: 7.7/6.3) - A TOCTOU race condition vulnerability in OpenShell that allows attackers to bypass sandbox restrictions and read files outside the intended mount root.

CVE-2026-44115 (CVSS score: 8.8) - An incomplete list of disallowed inputs vulnerability that allows attackers to bypass allowlist validation by embedding shell expansion tokens in a here document (heredoc) body to execute unapproved commands at runtime.

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Other newsrooms on this story

Related reading

What is OpenClaw and what are the dangers associated with it?

Other newsrooms on this story

Related reading

What is OpenClaw and what are the dangers associated with it?

OpenClaw Agents Can Be Guilt-Tripped Into Self-Sabotage

OpenClaw gives users yet another reason to be freaked out about security

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Security experts are uneasy about OpenClaw, the bad boy of AI agents | Fortune

Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security…