Security experts are raising alarms about OpenClaw, a popular AI tool with 347,000 stars on GitHub, due to a recently addressed vulnerability posing significant risks. This AI agent has the capability to control users’ devices and access various platforms, such as Telegram, Discord, and Slack, performing tasks like file organization and online shopping. However, it requires extensive permissions to function effectively.
A high-severity vulnerability, CVE-2026-33579, has been identified, allowing users with minimal permissions to gain administrative control. This means that an attacker holding the lowest-level privilege can approve device pairings that elevate their access, leading to a complete takeover of the OpenClaw instance without further user interaction. For organizations utilizing OpenClaw, this vulnerability could result in severe data breaches and unauthorized access to sensitive information, posing a massive security threat. It is crucial for organizations to apply the recent security patches and review their OpenClaw deployments to mitigate these risks.
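The flaw described above belongs to a general class: an approval step that grants privilege does not check that the approver is entitled to grant it. The following Python model is an added example and is not OpenClaw's code; the role names, the pairing request shape and the audit-event format are assumptions constructed for the demonstration. It places a weak approval handler beside a hardened one, and adds an audit check a defender could run over approval records to spot approvals that granted more privilege than the approver held.

```python
"""Illustrative model of the pairing-approval privilege escalation class.

Added example, not OpenClaw's code. Roles, request fields and the audit
event format are constructed assumptions for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed role hierarchy: higher rank means more privilege.
ROLE_RANK = {"viewer": 0, "operator": 1, "admin": 2}


class AuthorizationError(Exception):
    """Raised when an approver is not entitled to perform the approval."""


@dataclass
class User:
    name: str
    role: str


@dataclass
class PairingRequest:
    device_id: str
    requested_role: str            # role the paired device would receive
    approved: bool = False
    granted_role: Optional[str] = None


def approve_pairing_vulnerable(approver: User, req: PairingRequest) -> PairingRequest:
    """Weak form: any authenticated user may approve, and the device receives
    whatever role it asked for. A viewer can therefore pair an admin device."""
    req.approved = True
    req.granted_role = req.requested_role
    return req


def approve_pairing_hardened(approver: User, req: PairingRequest) -> PairingRequest:
    """Hardened form: only admins approve pairings, and no approval may grant a
    role above the approver's own (least privilege on the granting path)."""
    if approver.role != "admin":
        raise AuthorizationError(
            f"{approver.name} ({approver.role}) may not approve device pairings")
    if ROLE_RANK[req.requested_role] > ROLE_RANK[approver.role]:
        raise AuthorizationError(
            "requested role exceeds the approver's own role")
    req.approved = True
    req.granted_role = req.requested_role
    return req


def find_suspicious_approvals(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Audit check: return approval events where the approver was not an admin
    or where the granted role outranks the approver's role. Event keys are
    assumed: approver, approver_role, device, granted_role."""
    flagged = []
    for ev in events:
        approver_rank = ROLE_RANK.get(ev["approver_role"], -1)
        granted_rank = ROLE_RANK.get(ev["granted_role"], -1)
        if ev["approver_role"] != "admin" or granted_rank > approver_rank:
            flagged.append(ev)
    return flagged


# Constructed sample audit records (not real OpenClaw logs).
SAMPLE_EVENTS = [
    {"approver": "root-admin", "approver_role": "admin",
     "device": "laptop-01", "granted_role": "admin"},
    {"approver": "ops-bob", "approver_role": "operator",
     "device": "phone-07", "granted_role": "operator"},
    {"approver": "guest-eve", "approver_role": "viewer",
     "device": "unknown-99", "granted_role": "admin"},
]


def demo() -> Dict[str, object]:
    """Run both handlers on the same low-privilege approver and the audit check."""
    viewer = User("guest-eve", "viewer")
    weak = approve_pairing_vulnerable(viewer, PairingRequest("unknown-99", "admin"))
    try:
        approve_pairing_hardened(viewer, PairingRequest("unknown-99", "admin"))
        hardened_blocked = False
    except AuthorizationError:
        hardened_blocked = True
    return {
        "weak_granted": weak.granted_role,
        "hardened_blocked": hardened_blocked,
        "flagged": len(find_suspicious_approvals(SAMPLE_EVENTS)),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler enforces two independent conditions: who may approve, and how much may be granted. The audit function applies the same two conditions retrospectively, so an organization reviewing an unpatched deployment can check whether any pairing was approved by a principal that should never have been able to approve it.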