OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
-
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
Is it a crime to hack instances in a country you're at war with?
Some of those openclaw agents were in Russia.
-
By the way, I encourage browsing through the CVEs reported https://nvd.nist.gov/vuln/search#/nvd/home?keyword=openclaw&resultType=records
These are by and large not minor CVEs.
@cwebber the more CVEs a project has, the more Web Scale it is
-
R relay@relay.mycrowd.ca shared this topic
-
OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
@cwebber
OpenClaw is averaging 1.8 CVEs *PER DAY*... since day 1, i.e. November 2025, wow!They must be popular to have so many security researchers check them out
-
OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
@cwebber
CVE = Common Vulnerabilities and Exposures, in case that helps anyone else besides meI try to do for initialisms and acronyms what alt text does for images.
Wikipedia: "The Common Vulnerabilities and Exposures (CVE) system, originally Common Vulnerability Enumeration, provides a reference method for publicly known information-security vulnerabilities and exposures."
-
@cwebber the more CVEs a project has, the more Web Scale it is
-
@cwebber
CVE = Common Vulnerabilities and Exposures, in case that helps anyone else besides meI try to do for initialisms and acronyms what alt text does for images.
Wikipedia: "The Common Vulnerabilities and Exposures (CVE) system, originally Common Vulnerability Enumeration, provides a reference method for publicly known information-security vulnerabilities and exposures."
@shansterable @cwebber Thank you!
-
@cwebber the more CVEs a project has, the more Web Scale it is
-
OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
-
-
OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
@cwebber CVE as a service
-
-
OpenClaw is averaging 1.8 CVEs *PER DAY* https://days-since-openclaw-cve.com/
That's... wow. New high score!
@cwebber Everybody: AI can’t find CVEs
OpenClaw: Bet -
-
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
@cwebber I mean you could make an argument that the CVE s dont matter given the target audience of openclaw
-
@cwebber I mean you could make an argument that the CVE s dont matter given the target audience of openclaw
@lunathemoongirl Indeed, OpenClaw is a CVE
-
@lunathemoongirl Indeed, OpenClaw is a CVE
@cwebber why bother exploiting the program when i can ask the Aiagent to please hand over all the keys and password
-
OpenClaw also got a terrifying privilege escalation vulnerability https://nvd.nist.gov/vuln/detail/CVE-2026-33579
Meanwhile the OpenClaw founder is claiming shush, it's no big deal, probably most of these aren't really exploitable! (There's good business interest reasons to argue that, since OpenClaw's founders got acquired by OpenAI) https://news.ycombinator.com/item?id=47629849
Okay. I know I have more than a few security researchers following me. There's a public list of literally hundreds of thousands of publicly accessible OpenClaw instances right here: https://openclaw.allegro.earth/
Anyone try taking a sampling of them and testing how vulnerable against recent escalation CVEs they are? Could be a rather juicy writeup!
@cwebber I doubt they update frequently, so you can even try some quite old CVEs against them!
-
R relay@relay.infosec.exchange shared this topic
