Six flaws found hiding in OpenClaw’s plumbing
Summary
Security researchers at Endor Labs found six vulnerabilities rated high to critical in OpenClaw, an open-source AI agent framework (a platform that combines large language models with tools and external integrations). The flaws include SSRF (server-side request forgery, where an attacker induces the server to make requests it should not), missing webhook authentication, authentication bypasses, and path traversal (unauthorized access to files outside the intended directories), all confirmed with working proof-of-concept exploits. OpenClaw has already published patches and security advisories addressing these issues.
Solution / Mitigation
OpenClaw has published patches and security advisories for the issues. The disclosure noted that fixes were implemented across the affected components; operators should apply the patched releases referenced in those advisories.
Original source: https://www.csoonline.com/article/4134540/six-flaws-found-hiding-in-openclaws-plumbing.html
First tracked: February 19, 2026 at 11:00 AM
Classified by LLM (prompt v3) · confidence: 85%