Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key โ†’
โ† Back to dashboard
clawsmith.com/signal/openclaw-april-2026-13-cves-privilege-escalation-code-exec
โš  IssueWide OpenLive

OpenClaw Patches 13 New CVEs in April 2026 Including CVSS 8.7 Privilege Escalation and 8.4 Code Execution

OpenClaw published 13 security fixes on April 9-10 2026, including CVE-2026-35639 (CVSS 8.7 privilege escalation via device.pair.approve), CVE-2026-35641 (CVSS 8.4 code exec via .npmrc), CVE-2026-41296 (CVSS 8.2 sandbox escape TOCTOU race), CVE-2026-41297 (SSRF). 138 total CVEs tracked Feb-Apr 2026.

Score Breakdown

GitHub
152

Social Proof 1 sources

GH
jgamblin/OpenClawCVEs: Tracking 138+ OpenClaw CVEs Feb-Apr 2026
gh:jgamblin ยท 2/15/2026
152
Virality Score
152
across 0 platforms
Details
Signalissue
Ecosystemโ€”
Sources1
Platforms0
Updated1h ago
Trendโ†’ stable
Top ideas
All ideas โ†’
26.1MA pre-publish scanner that strips source maps, secrets, and internal code from npm packages before they ship to the registry2.2MA routing middleware that pairs an expensive advisor model with a cheap executor model for OpenClaw agents, cutting API costs by 80% while maintaining output quality892.2KA web dashboard that finds revenue gaps and saturated niches across 180+ OpenClaw startups in real time
Related signals
All signals โ†’
11.1KOpenClaw Security Crisis: 135K Exposed Instances, RCE, AMOS Stealer2.7KOpenClaw security advisory count hits 156 (128 awaiting CVE), 42K+ exposed instances1.3KNine OpenClaw CVEs in Four Days: 42900 Exposed Instances 15200 Vulnerable to RCE