Security researchers at Cyera have disclosed four chainable vulnerabilities in OpenClaw, a rapidly growing open source AI agent framework, collectively dubbed 'Claw Chain.' The flaws — including two TOCTOU race conditions, a credential-exposure logic flaw, and a privilege escalation bug — can be chained to give attackers initial access, credential theft, privilege escalation, and persistent backdoor access. All four CVEs (highest CVSS 9.6) have been patched in versions after April 23, 2026. What makes the attack chain especially dangerous is that each step exploits the agent's own legitimate capabilities, making malicious activity indistinguishable from normal agent behavior to conventional security tools. Experts warn that OpenClaw's broad system access — file system, terminal, APIs, financial and health data — amplifies the risk, and organizations should apply least-privilege principles and proper governance when deploying AI agent platforms.
Sort: