If you’re running OpenClaw — the open-source AI agent that’s taken the tech world by storm with over 247,000 GitHub stars — you need to pay attention. Between March 18 and March 21, nine security vulnerabilities were publicly disclosed for the platform. One of them scored a 9.9 out of 10 on the industry-standard severity scale. That’s about as bad as it gets.

Here’s what happened, why it matters even if you’re not a developer, and exactly what you should do right now to stay safe.

What Happened

Security researchers discovered and reported nine separate vulnerabilities — formally called CVEs (Common Vulnerabilities and Exposures) — in OpenClaw’s codebase. These were disclosed in rapid succession over just four days, an unusual burst that caught both the community and security teams off guard.

The most alarming issue, rated 9.9 out of 10 on the CVSS severity scale, involves an authorization bypass. In plain terms: when connecting to OpenClaw’s gateway, an attacker could declare their own permission levels during the connection process, effectively bypassing all security restrictions. It’s like someone walking into a secure building and handing themselves a master key.

Critical: If you’re running any version of OpenClaw older than v2026.3.12, your system may be vulnerable. Update immediately.

Why This Matters for Everyday Users

You might be thinking: “I just use OpenClaw to automate emails and organize files — why should I care about CVEs?” The answer comes down to what OpenClaw actually does. Unlike a simple chatbot, OpenClaw has direct access to your computer. It can read files, run commands, browse the web, and interact with your applications. A security flaw in OpenClaw isn’t like a bug in a calculator app — it’s a potential open door to your entire system.

Two of the vulnerabilities involved “sandbox escape” issues. OpenClaw uses sandboxing to keep its AI sub-agents contained — think of it as putting each task in its own sealed room. These bugs allowed agents to break out of those rooms and access data or controls they weren’t supposed to touch. In a worst-case scenario, a malicious skill downloaded from the community could exploit these flaws to access sensitive information on your machine.

The timing is especially concerning because OpenClaw has exploded in popularity. Over 42,000 exposed OpenClaw instances were found on the public internet in recent scans, many running outdated versions. The US accounts for a significant share of that exposure.

The Disclosure Timeline Was Messy

One of the more frustrating aspects of this situation is the disclosure timeline. Patches for five of the nine vulnerabilities were actually included in version 2026.2.22, released back in late February. But the CVEs themselves weren’t publicly disclosed until March 19–21 — nearly a month later.

That means many users who were diligent about updating were already protected without even knowing a threat existed. But it also means anyone who skipped that update spent a month exposed to known vulnerabilities without any public warning. This kind of staggered disclosure is standard practice in cybersecurity — it gives users time to patch before attackers know what to target — but it only works if people actually update.

What You Should Do Right Now

The good news: all nine vulnerabilities have been patched. Here’s your action plan.

Step 1: Check your version. Open your terminal and run openclaw --version. If you’re on anything older than v2026.3.12, you need to update.

Step 2: Update to the latest release. The current recommended version is v2026.3.22, which includes all security patches plus dozens of new features. Run openclaw update or reinstall from the official repository.

Step 3: Review your exposed services. If you’ve set up OpenClaw’s gateway or WebSocket connections to be accessible from outside your local network, reconsider that configuration. The critical 9.9 vulnerability specifically targets remote connections.

Step 4: Be selective with community skills. Only install skills and plugins from trusted sources. The sandbox escape vulnerabilities could be exploited through malicious third-party skills.
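The version check from Steps 1 and 2, as an added example (not part of the original article or the OpenClaw project). It assumes that openclaw --version prints a string containing a YYYY.M.P version number; the function names and sample strings are constructed for illustration. The comparison is numeric per component, because a plain string comparison would rank 2026.3.9 above 2026.3.12.

```shell
#!/bin/sh
# Added example: classify an OpenClaw version against the article's thresholds.
MIN_SAFE="2026.3.12"      # article: anything older needs an update
RECOMMENDED="2026.3.22"   # article: current recommended release

# Pull the first YYYY.M.P triple out of arbitrary text.
# Assumption: the version appears in this form in the --version output.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]{4}\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeeds (exit 0) only when $1 is strictly older than $2,
# comparing each dotted component as a number.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Prints update-required, update-recommended, ok, or unknown.
classify_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$MIN_SAFE"; then
        echo "update-required"
    elif version_lt "$v" "$RECOMMENDED"; then
        echo "update-recommended"
    else
        echo "ok"
    fi
}

# Constructed sample strings; on a real host use:
#   classify_version "$(openclaw --version 2>/dev/null)"
for sample in "openclaw v2026.2.22" "openclaw v2026.3.9" \
              "v2026.3.12" "2026.3.22" "command not found"; do
    printf '%-22s -> %s\n' "$sample" "$(classify_version "$sample")"
done
```

An "unknown" result means no version could be read, so treat that host as unverified rather than safe.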

The Bigger Picture: Growing Pains of a Viral Tool

Nine CVEs in four days sounds alarming, and it is. But context matters. OpenClaw went from a niche hobby project to the fastest-growing open-source repository in GitHub history — surpassing React’s 10-year record in just 60 days. That kind of explosive growth inevitably puts a target on any software’s back. More eyes on the code means more vulnerabilities get found, and that’s actually a sign of a healthy open-source ecosystem.

NVIDIA clearly sees the potential too. Their NemoClaw enterprise stack, announced at GTC 2026 on March 16, was designed specifically to address these kinds of security concerns. NemoClaw wraps OpenClaw in NVIDIA’s OpenShell runtime, adding enterprise-grade sandboxing and isolation. It’s a strong signal that the industry expects OpenClaw to mature into a serious enterprise tool — but also an acknowledgment that the base platform needs additional security layers for professional use.

The OpenClaw team has responded quickly to each disclosure, and the v2026.3.22 release includes over 30 security patches alongside its new features. The project is also moving to an open-source foundation following creator Steinberger’s move to OpenAI, which should bring more structured security review processes going forward.

Bottom Line

OpenClaw is a powerful tool, and powerful tools demand respect. Update your installation today, be cautious about what skills you install, and keep an eye on security advisories. The AI agent revolution is real, but so are the risks that come with giving AI direct access to your computer. Stay updated, stay safe.
