How many CVEs does OpenClaw have in 2026?

138+ CVEs, roughly 2.2 new vulnerabilities per day.

How many OpenClaw instances are exposed?

42,000+ on public internet, 63% with auth disabled.

Called it from a security perspective, an absolute nightmare.

What did Microsoft say?

Not appropriate to run on a standard personal or corporate machine.

← Back to dashboard

clawsmith.com/signal/openclaw-138-cves-2026-security-nightmare-cisco

⚠ IssueWide OpenLive

OpenClaw accumulates 138+ CVEs in 63 days, Cisco calls it security nightmare

Q: What are the most severe OpenClaw CVEs?

CVE-2026-22172 and CVE-2026-32922, both CVSS 9.9.

BetterClaw tracking shows 138+ CVEs for OpenClaw in 2026, roughly 2.2/day. Worst: CVE-2026-22172 and CVE-2026-32922 both CVSS 9.9. Shodan found 42,000+ exposed instances, 63% with auth disabled. Belgium issued emergency advisory.

Product Idea from this Signal

A security policy engine that validates OpenClaw deployments against enterprise compliance rules before they go live

1.2k ▲

Microsoft just deployed OpenClaw to 3,000 employees via Project Lobster while their own Defender team warns to treat it as untrusted code execution. Meanwhile 138+ CVEs have been filed in 63 days and Cisco called it a security nightmare. Enterprises want OpenClaw but security teams are blocking it. This tool sits between the deployment decision and the live instance, running a compliance check against corporate security policies (auth enabled, CVE patches applied, network exposure limited, plugin allowlists enforced) and generating a pass/fail report with remediation steps.

CLIOPEN-SOURCESECURITYENTERPRISECOMPLIANCE

UnderservedView Opportunity →