Experts recommend the immediate removal of the viral AI tool OpenClaw
The developers of the popular AI agent have released urgent patches to fix three critical vulnerabilities. The most dangerous of these allows attackers to gain administrator rights and full control over the user’s computer without any interaction.
This is reported by RBC-Ukraine, citing material from Ars Technica.
What is the essence of the threat?
The security vulnerability CVE-2026-33579 has received an extremely high threat level – from 8.1 to 9.8 out of 10. According to cybersecurity experts, the issue lies in the fact that an attacker with the lowest level of access can stealthily elevate their privileges to administrator status.
What this means for users:
- Complete takeover: a hacker gains access to all resources managed by OpenClaw (Telegram, Slack, Discord, work files, and banking sessions);
- Data theft: the ability to read connected data sources and steal saved accounts;
- Lack of verification: the request approval function did not check the requesting party's access rights and confirmed the request automatically.
The scale of the problem and expert recommendations
OpenClaw has become a real sensation on GitHub, gathering over 347,000 stars. However, its autonomy and broad access to system resources have made the service an ideal target for cyberattacks.
According to scans, about 63% of the OpenClaw instances (running copies of the tool) reachable online operated without any authentication. This means that any network visitor could gain control over the tool without a password.
How to prevent the problem – security experts’ advice
- Log review: users are advised to carefully check the activity log (specifically the /pair approval events) for the past week.
- Usage ban: major companies, including Meta, have already banned their employees from installing OpenClaw on work laptops under the threat of dismissal.
- Removal: experts recommend weighing whether the effectiveness of the AI assistant is worth the risk of complete compromise of corporate or personal networks.
