OpenClaw Product Security Update Advisory

Overview.


Multiple security vulnerabilities have been disclosed and security updates have been released in the OpenClaw suite.

Vulnerability Details.


Vulnerability types include authentication bypass, execution allowlist bypass, command execution and command injection, remote code execution (RCE), privilege escalation, access control bypass, sandbox escape, and information leakage, among others.

Impact and Risk.


Affected products include the openclaw core, OpenClaw Agent Platform, the nextcloud-talk extension, and related subagents and gateway components.
Multiple vulnerabilities can be exploited remotely, which could lead to a full system takeover, privilege escalation, and data exfiltration.

Recommended Countermeasures.


The patch status lists specific fixed versions for most CVEs; for example, CVE-2026-22172 is resolved in openclaw 2026.3.12 and later, and CVE-2026-32917 is resolved in openclaw 2026.3.13 and later.
Some vulnerabilities have different patching criteria per role and per component; the nextcloud-talk-related vulnerability (CVE-2026-28474) is fixed in nextcloud-talk 2026.2.6 and later.
Note that CVE-2026-30741 in OpenClaw Agent Platform is currently unpatched.
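The versions above are date-style strings, and a plain string comparison ranks "2026.3.9" above "2026.3.12", so a patch-status check has to parse them numerically. The following inventory check is an added example and is not an OpenClaw tool; the CVE ids and fixed versions are taken from the advisory text, while the component keys ("openclaw", "nextcloud-talk", "openclaw-agent-platform") and the inventory format are assumptions made for the example. The unpatched CVE-2026-30741 is reported as having no fix available regardless of the installed version.

```python
"""Cross-check installed component versions against the patch status
stated in this advisory.  Added example, not an OpenClaw utility; the
component names and inventory format below are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Fix:
    cve: str
    component: str          # assumed inventory key for the component
    fixed_in: Optional[str]  # None = advisory says no patch is available


# Patch status as stated in the advisory.  A fixed version is inclusive:
# "2026.3.12" means 2026.3.12 and later carry the fix.
ADVISORY: Tuple[Fix, ...] = (
    Fix("CVE-2026-22172", "openclaw", "2026.3.12"),
    Fix("CVE-2026-32917", "openclaw", "2026.3.13"),
    Fix("CVE-2026-28474", "nextcloud-talk", "2026.2.6"),
    Fix("CVE-2026-30741", "openclaw-agent-platform", None),
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '2026.3.12' into an integer tuple so
    that comparisons are numeric per field, not lexicographic."""
    return tuple(int(part) for part in version.strip().split("."))


def assess(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return one (cve, component, status) row per advisory entry.

    inventory maps component key -> installed version string.  Status is
    one of: 'fixed', 'vulnerable (upgrade to X+)', 'unpatched-no-fix',
    or 'not-installed' when the component is absent from the inventory.
    """
    findings: List[Tuple[str, str, str]] = []
    for fix in ADVISORY:
        installed = inventory.get(fix.component)
        if installed is None:
            status = "not-installed"
        elif fix.fixed_in is None:
            # No fixed version exists, so any installed build is exposed.
            status = "unpatched-no-fix"
        elif parse_version(installed) >= parse_version(fix.fixed_in):
            status = "fixed"
        else:
            status = f"vulnerable (upgrade to {fix.fixed_in}+)"
        findings.append((fix.cve, fix.component, status))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = {
        "openclaw": "2026.3.12",
        "nextcloud-talk": "2026.2.5",
        "openclaw-agent-platform": "1.4.0",
    }
    for cve, component, status in assess(sample):
        print(f"{cve:16} {component:26} {status}")
```

Rows marked "vulnerable" name the minimum version to upgrade to, and the "unpatched-no-fix" row is the one to carry into compensating controls until a fixed version is published.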

References.


A detailed list of vulnerabilities, patch versions, and technical descriptions can be found in the reference links provided.