
Cybersecurity researchers have identified four critical vulnerabilities in the OpenClaw AI assistant platform that can be chained together to escape sandbox protections, steal sensitive data, escalate privileges, and install persistent backdoors on affected systems. The vulnerabilities, collectively named “Claw Chain,” were disclosed by cybersecurity firm Cyera.
According to researchers, attackers who already have code execution access inside the OpenShell sandbox can exploit the flaws through prompt injections, malicious plugins, or compromised external inputs. Once triggered, the vulnerabilities allow attackers to bypass restrictions and gain deeper control over the host environment.
The attack chain consists of the four vulnerabilities tracked as CVE-2026-44112, CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118. Researchers explained that attackers could use these flaws to access credentials, API keys, authentication tokens, configuration files, system secrets, and other sensitive information stored on compromised systems.
One of the most severe vulnerabilities, CVE-2026-44112, carries a CVSS score of 9.6 and is a race condition that enables attackers to write data outside the sandbox boundary. This can allow threat actors to modify configurations, deploy backdoors, and maintain long-term control over compromised hosts.
Cyera reported that more than 60,000 publicly accessible OpenClaw instances may be exposed to these vulnerabilities, while some estimates place the number even higher. Researchers warned that AI agent platforms such as OpenClaw often have extensive access to internal systems, sensitive enterprise data, and operational tools, increasing the potential impact of successful attacks.
The vulnerabilities have reportedly been patched in OpenClaw version 2026.4.22, and security experts are urging users to immediately update affected installations to reduce the risk of exploitation.




