What are the OpenClaw April 2026 CVEs?

Six HIGH-severity CVEs (CVE-2026-35625, 35629, 35637, 35638, 35668, 35669) were disclosed April 9-10 covering privilege escalation, path traversal, and SSRF in OpenClaw versions before 2026.3.25.

What is CVE-2026-35669 in OpenClaw?

A privilege escalation vulnerability (CVSS 8.8) in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin scope regardless of caller permissions.

What is CVE-2026-35668 OpenClaw path traversal?

A sandbox path traversal vulnerability allowing sandboxed agents to read arbitrary files from other agents workspaces via unnormalized mediaUrl or fileUrl parameter keys.

How to fix OpenClaw April 2026 CVEs?

Upgrade to OpenClaw version 2026.3.25 or later. All six CVEs are patched in that release.

How many OpenClaw instances are vulnerable to privilege escalation?

Security researchers found 135K+ OpenClaw instances exposed to the public internet. Many running versions before 2026.3.25 are vulnerable to these privilege escalation and path traversal attacks.

What is OpenClaw SSRF vulnerability CVE-2026-35629?

A server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs, allowing attackers to redirect requests to internal endpoints.

Are OpenClaw April 2026 CVEs being exploited?

No confirmed exploitation as of April 12, 2026, though proof-of-concept code has been observed for some of the vulnerabilities.

← Back to dashboard

clawsmith.com/signal/openclaw-april-cve-batch-priv-esc-path-traversal-hn

⚠ IssueWide OpenSecurityLive

OpenClaw April CVE Batch Expands: 13+ HIGH-Severity CVEs Including Privilege Escalation, Path Traversal, SSRF

April 2026 OpenClaw CVE batch grows to 13+ vulnerabilities including CVE-2026-35669 (CVSS 8.8 gateway plugin priv-esc), CVE-2026-35625 (silent auth reconnect priv-esc to RCE), CVE-2026-35660 (/reset access control bypass), CVE-2026-35629 (SSRF in channel extensions), CVE-2026-35668 (sandbox path traversal). All fixed in v2026.3.25.

Product Idea from this Signal

A reverse proxy that enforces scope boundaries on OpenClaw gateway plugin routes and normalizes sandbox file paths before forwarding

770 ▲

OpenClaw's gateway plugin HTTP routes have a class of vulnerabilities where authenticated callers can escalate to operator.admin scope regardless of their actual permissions (CVE-2026-35669, CVSS 8.8), and sandboxed agents can read arbitrary files across workspaces through unnormalized path parameters (CVE-2026-35668). With 135K+ OpenClaw instances publicly exposed and six new HIGH-severity CVEs disclosed in April 2026 alone, a standalone reverse proxy that sits in front of the gateway and validates every plugin route call against the caller's granted scopes, while normalizing all file path parameters including mediaUrl and fileUrl aliases, would close these attack vectors without waiting for upstream patches.

SECURITYPROXYOPEN-SOURCEDEVTOOL

CompetitiveView Opportunity →