clawsmith.com/signal/openclaw-138-cves-betterclaw-security-report-2026
⚠ Issue | Wide Open | Live

OpenClaw Security 2026: 138+ CVEs Tracked, 413 Published Records, 500K Exposed Instances

BetterClaw report: 138+ CVEs across 18 OpenCVE pages. jgamblin/OpenClawCVEs tracker holds 413 records. Most severe: CVSS 9.9. First audit Jan 2026 found 512 vulns, 8 critical. 500K instances on public internet, 135K exposed in 82 countries, 63% without auth.

Product Idea from this Signal

A CLI tool that audits your OpenClaw instance against every known CVE, flags exposed endpoints, and generates a hardening playbook specific to your config

2.4k ▲

OpenClaw has 138+ CVEs as of May 2026 with 500K instances on the public internet and 63% running without authentication. The jgamblin/OpenClawCVEs tracker holds 413 published vulnerability records. Developers who initially promoted OpenClaw are publicly abandoning it because the security posture is unknowable without manually cross-referencing dozens of advisories against your specific version and config. This CLI scans your running instance, matches your exact version and enabled plugins against the full CVE database, checks for exposed endpoints and missing auth, and outputs an actionable hardening plan.

CLI | OPEN-SOURCE | SECURITY | DEVTOOL
Competitive

Score Breakdown

GitHub: 163
BLOG: 58

Frequently Asked Questions