Does OpenClaw v2026.5.27 still use Sharp for image processing?

No. v2026.5.27 replaces Sharp and the WhatsApp Jimp fallback with Rastermill for metadata, resizing, EXIF orientation, and PNG alpha-preserving optimization.

What is the Tailscale security fix in OpenClaw v2026.5.27?

No-auth Tailscale exposure is now rejected, preventing unauthenticated access via Tailscale connections.

Does OpenClaw v2026.5.27 change admin permissions?

Yes. Node and device-role approvals now require admin authority, preventing non-admin entities from approving new nodes or changing device roles.

← Back to dashboard

clawsmith.com/signal/openclaw-v2026-5-27-security-hardening-tailscale-admin

📈 TrendsWide OpenLive

OpenClaw v2026.5.27: Security Hardening — Tailscale No-Auth Rejected, Admin Authority for Node Approvals, Content Boundaries

Q: What security changes are in OpenClaw v2026.5.27?

Group prompt text isolated from system prompt, repeated-dot hostnames normalized, side-effecting command wrappers blocked, unsafe Node runtime env overrides blocked, no-auth Tailscale exposure rejected, node/device-role approvals require admin authority.

v2026.5.27 shipped May 28, focusing on security and content boundaries: group prompt text isolated from system prompt, repeated-dot hostnames normalized, side-effecting command wrappers blocked, unsafe Node runtime env overrides blocked, no-auth Tailscale exposure rejected, node/device-role approvals require admin authority. Also replaces Sharp with Rastermill for image processing.

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →