Security research firm Endor Labs has disclosed six new vulnerabilities in OpenClaw, highlighting the ongoing security challenges facing the rapidly adopted AI agent framework.
The Vulnerabilities
The six flaws span multiple OpenClaw subsystems:
- CVE-2026-26322 (CVSS 7.6) — Server-Side Request Forgery (SSRF) in the Gateway tool, potentially allowing attackers to access internal network resources.
- CVE-2026-26319 (CVSS 7.5) — Missing authentication on Telnyx webhook endpoints, enabling unauthorized message injection.
- CVE-2026-26329 (High severity) — Path traversal in browser upload functionality that could allow file system access beyond intended boundaries.
- GHSA-56f2-hvwg-5743 (CVSS 7.6) — SSRF in the image tool, similar to the gateway SSRF but through a different attack surface.
- GHSA-pg2v-8xwh-qhcc (CVSS 6.5) — SSRF in Urbit authentication flow.
- GHSA-c37p-4qqg-3p76 (CVSS 6.5) — Twilio webhook authentication bypass allowing unauthorized access.
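As an added illustration of the control whose absence the two webhook findings describe (this is example code written for this article, not OpenClaw's code and not taken from Endor Labs' report): a receiver that authenticates an inbound Twilio message by recomputing the X-Twilio-Signature header before acting on it. Twilio's documented scheme is HMAC-SHA1, keyed with the account auth token, over the full request URL followed by the sorted POST parameters; the token, URL and message fields below are constructed sample values.

```python
import base64
import hashlib
import hmac
from typing import Mapping, Optional

def twilio_expected_signature(auth_token: str, url: str, params: Mapping[str, str]) -> str:
    """Recompute the value Twilio places in the X-Twilio-Signature header.

    Twilio signs the full request URL exactly as it called it (scheme, host, path
    and any query string) followed by every POST parameter sorted by name, each
    name immediately followed by its value. The MAC is HMAC-SHA1 keyed with the
    account's auth token, and the digest is base64-encoded.
    """
    signed = url + "".join(name + params[name] for name in sorted(params))
    digest = hmac.new(auth_token.encode("utf-8"), signed.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")

def verify_twilio_webhook(auth_token: str, url: str, params: Mapping[str, str],
                          signature: Optional[str]) -> bool:
    """True only when the header is present and matches the recomputed value."""
    if not signature:
        return False  # an unsigned request is never treated as coming from Twilio
    expected = twilio_expected_signature(auth_token, url, params)
    # constant-time comparison so response timing does not leak partial matches
    return hmac.compare_digest(expected, signature)

def handle_inbound_sms(auth_token: str, url: str, params: Mapping[str, str],
                       headers: Mapping[str, str]) -> int:
    """Webhook handler: authenticate first, hand the message to the agent only after."""
    signature = headers.get("X-Twilio-Signature") or headers.get("x-twilio-signature")
    if not verify_twilio_webhook(auth_token, url, params, signature):
        return 403  # reject: the message cannot be attributed to Twilio
    # ... only from here on may params["Body"] reach the agent ...
    return 200

if __name__ == "__main__":
    # constructed sample values, not real credentials or captured traffic
    token = "constructed-auth-token"
    url = "https://agent.example.test/webhooks/twilio/sms"
    msg = {"From": "+15550000001", "To": "+15550000002", "Body": "hello"}
    good = twilio_expected_signature(token, url, msg)
    print(handle_inbound_sms(token, url, msg, {"X-Twilio-Signature": good}))  # 200
    print(handle_inbound_sms(token, url, msg, {}))                            # 403
    print(handle_inbound_sms(token, url, dict(msg, Body="edited"),
                             {"X-Twilio-Signature": good}))                   # 403
```

Because the URL is part of the signed string, the handler must reconstruct the exact URL Twilio requested (including query string and any reverse-proxy rewrites), otherwise every legitimate message is rejected.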
Why It Matters
Endor Labs emphasized that data flow analysis is essential for modern applications, noting how the vulnerabilities span multiple files and components. The findings underscore the complexity of securing AI agent frameworks that integrate with numerous external services and APIs.
Patches Available
OpenClaw has addressed these vulnerabilities in recent releases. Users running self-hosted instances should update to the latest version immediately. OpenClaw Launch instances are automatically kept up to date and are protected against these issues.
The disclosure follows last month's critical RCE vulnerability (CVE-2026-25253) and reflects the heightened security scrutiny that comes with OpenClaw's rapid growth to over 200,000 GitHub stars.