How many OpenClaw servers are publicly exposed?

As of May 2026, Shodan finds approximately 65,000 and ZoomEye finds approximately 180,000 publicly accessible OpenClaw instances, totaling roughly 245,000 exposed servers.

What are the Claw Chain CVEs?

CVE-2026-44112 (CVSS 9.6) sandbox write escape, CVE-2026-44113 (CVSS 7.7) sandbox read escape, CVE-2026-44115 (CVSS 8.8) credential leak via heredocs, CVE-2026-44118 (CVSS 7.8) privilege escalation via senderIsOwner flag.

Are the Claw Chain vulnerabilities patched?

Yes, all four were patched in OpenClaw v2026.4.22 after responsible disclosure by Cyera in April 2026. However, many of the 245,000 exposed instances remain unpatched.

What can an attacker do with Claw Chain?

The chain enables sandbox escape, reading files outside sandbox, stealing API keys and credentials, escalating to owner-level privileges, and planting persistent backdoors on the host system.

Which industries are most at risk from Claw Chain?

Financial services, healthcare, and legal sectors face the highest risk, particularly where agent workflows process PII, PHI, or privileged credentials.

← Back to dashboard

clawsmith.com/signal/openclaw-245k-exposed-servers-claw-chain-may-2026

⚠ IssueWide OpenLive

OpenClaw Claw Chain Exposure: 245,000 Public AI Agent Servers Vulnerable on Shodan + ZoomEye

Shodan and ZoomEye scans reveal ~65,000 and ~180,000 publicly accessible OpenClaw instances respectively, totaling ~245,000 exposed servers. Combined with Claw Chain CVEs (CVE-2026-44112 CVSS 9.6, CVE-2026-44113, CVE-2026-44115, CVE-2026-44118), vulnerable to sandbox escape, credential theft, privilege escalation, and persistent backdoor installation. Patched in v2026.4.22 but many remain unpatched.

Product Idea from this Signal

A CLI tool that scans your network for exposed OpenClaw instances, maps their CVE exposure, and pushes patch commands to bring them current

248.1k ▲

245,000 OpenClaw instances sit publicly accessible on Shodan and ZoomEye as of May 2026, most still vulnerable to the Claw Chain sandbox-escape chain (CVE-2026-44112 through CVE-2026-44118). Enterprise teams running multiple instances have no way to discover which ones are exposed, which CVEs apply to each version, and batch-apply patches. Existing tools check a single known instance but cannot scan a CIDR range or fleet. This tool crawls a network, fingerprints each OpenClaw version, maps it against the full CVE database (138+ tracked), and pushes upgrade commands over SSH or Docker API.

CLISECURITYDEVOPSOPEN-SOURCE

CompetitiveView Opportunity →