433 CVEs in 164 Days: FlyingPenguin Calls OpenClaw 'Perhaps the Worst Software Ever Released'

ClawHosters by Daniel Samer

Security blog FlyingPenguin dropped a report on May 7 that should worry every self-hosted OpenClaw operator. The title alone says everything: "OpenClaw is Cooked: 433 CVEs Patched by Agents That Can't Fix What's Broken."

2.64 security failures per day. That's the math since OpenClaw launched in November 2025. The longest streak without a CVE? Twelve days, from February 7 to 18. That was the best it got.

The Numbers

FlyingPenguin's analysis attributes 376 of those CVEs to VulnCheck, a respected CNA. The rest came through other channels. But the raw count is only part of the story.

Here's what actually scares me:

  • 63% of internet-reachable OpenClaw instances run with authentication disabled

  • 42,900 exposed instances online right now

  • 15,200 of those directly vulnerable to remote code execution

  • 341 malicious skills flagged out of 2,857 reviewed on ClawHub (roughly 900 estimated by March)

Microsoft Defender now classifies OpenClaw as "untrusted code execution with persistent credentials." Oasis Security published a separate finding that any website you visit can silently take full control of a running OpenClaw agent. Think about that for a second.

Five Categories of Failure

FlyingPenguin groups the vulnerabilities into what they call "Flobster" categories. Trust-boundary collapse leads with 47 advisories. Authorization scope problems account for 41. Exec-boundary injection at 18, control-plane exposure at 10, and LLM-surface vulnerabilities round it out with three.

The pattern is clear: OpenClaw was built fast, shipped fast, and security was an afterthought.

What This Means If You Self-Host

Self-hosting OpenClaw means you're personally responsible for tracking and patching 2.6 CVEs per day. Every single day. Miss one, and you're potentially exposing your server to remote code execution.

Most people running OpenClaw at home don't even know these CVEs exist until a blog post like FlyingPenguin's goes viral.

On ClawHosters, security patches land before most users hear about the vulnerability. No public gateway exposure, no default-disabled auth, no localhost trust assumptions. That's not marketing talk. It's the result of running managed infrastructure where someone actually watches the CVE feeds daily.

If you want the full picture on how we handle this, our security hardening guide breaks down every layer. And the managed vs. self-hosted comparison puts the real trade-offs side by side.

Plans start at $3.90/month. Probably cheaper than the time you'd spend chasing 2.64 CVEs a day.

Frequently Asked Questions

It depends entirely on your setup. FlyingPenguin documented 433 CVEs in 164 days, and 63% of public instances run without authentication. Self-hosted installations require constant patching. Managed platforms like ClawHosters apply patches proactively.

Based on FlyingPenguin's May 2026 report, OpenClaw has averaged 2.64 CVEs per day since its November 2025 launch. The longest gap without a new CVE was 12 days in February 2026.

Yes. ClawHosters applies security patches before most CVEs become public knowledge. Managed instances don't expose the gateway publicly, authentication is always enabled, and localhost trust boundaries are properly isolated.

Sources

  1. FlyingPenguin's analysis
  2. ClawHosters
  3. ClawHosters