Four Critical CVEs Hit OpenClaw: What You Need to Know (March 2026)

ClawHosters by Daniel Samer
3 min read

On March 13, four security advisories dropped for OpenClaw. The worst one scores a CVSS 9.9. If you self-host, you need to act on this today.

ClawHosters managed instances were patched before public disclosure. But if you run your own setup, keep reading.

WebSocket Privilege Escalation (CVSS 9.9)

This is the big one. GHSA-rqpp-rjj8-7wv8 lets any authenticated client self-declare operator.admin scope during the WebSocket handshake. The server never checked whether the device identity actually had that scope.

So a low-privilege user could grant themselves full admin access. No exploitation confirmed in the wild, but the attack is trivial. Fixed in 2026.3.12.

Feishu Webhook Forgery (CVSS 8.6)

If you use Feishu or Lark as your messaging integration, GHSA-g353-mgv3-8pcj is relevant. Setups relying only on verificationToken without configuring encryptKey accepted forged webhook payloads. An attacker could impersonate any Feishu sender and trigger arbitrary agent actions.

Mostly affects Chinese enterprise deployments. Fixed in 2026.3.12. If you use Feishu, configure encryptKey immediately.

Credential Exposure in Setup Codes (CVSS 5.3)

The /pair endpoint (GHSA-7H7G-X2PX-94HJ) embedded the gateway's long-lived auth token directly in pairing payloads. Anyone who recovered a QR code from logs or screenshots could authenticate indefinitely.

Fixed in 2026.3.12, but updating alone isn't enough. You need to rotate your gateway credentials after the upgrade.

Exec Approval Bypass (CVSS 5.3)

A case-folding mismatch, combined with the ? wildcard matching across directory boundaries (GHSA-F8R2-VG7X-GH8M), meant agents could execute commands without user approval. Fixed in 2026.3.11.
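As an added illustration (not OpenClaw's code; the allowlist semantics are an assumption drawn from the advisory's description), here is how the two matching mistakes look in a naive approval check, a wildcard that crosses a directory boundary and a case-folded comparison, next to a hardened matcher that confines wildcards to one path segment and compares exactly:

```python
import fnmatch
import posixpath
import re

# Constructed sample allowlist: command paths the user has pre-approved.
ALLOWLIST = ["tools/build?run.sh", "tools/Lint.sh"]


def approved_naive(command: str, allowlist: list[str]) -> bool:
    """Flawed check (modelled on the advisory's description, not OpenClaw's
    code): fnmatch lets '?' match '/', so the wildcard crosses into a
    subdirectory, and folding both sides to lower case approves a path that
    differs only in case from the one the user actually approved."""
    folded = command.lower()
    return any(fnmatch.fnmatchcase(folded, p.lower()) for p in allowlist)


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate an approval pattern so '?' and '*' never match '/'.
    Everything else is matched literally and case-sensitively."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(r"[^/]")
        elif ch == "*":
            parts.append(r"[^/]*")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$")


def approved_hardened(command: str, allowlist: list[str]) -> bool:
    """Hardened check: normalise the path (collapsing '.' and '..' segments)
    before matching, keep wildcards inside a single segment, and never fold
    case, so the string that was approved is exactly the one executed."""
    normalised = posixpath.normpath(command)
    return any(glob_to_regex(p).match(normalised) is not None for p in allowlist)


if __name__ == "__main__":
    for cmd in ["tools/build-run.sh", "tools/build/run.sh", "tools/lint.sh"]:
        print(f"{cmd:22} naive={approved_naive(cmd, ALLOWLIST)!s:5} "
              f"hardened={approved_hardened(cmd, ALLOWLIST)}")
```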

What You Should Do

If you self-host OpenClaw, here's the short version:

  1. Update to 2026.3.12 (covers all four CVEs)
  2. Rotate gateway credentials (the pairing token fix won't help if old tokens are already out there)
  3. Configure encryptKey for Feishu integrations
  4. Review your security hardening setup and consider running the safety scanner

Or skip all of that. ClawHosters managed instances were patched before the advisories went public. That's the point of managed hosting.

No confirmed in-the-wild exploitation for any of these four CVEs. But with a CVSS 9.9 on the WebSocket flaw, I wouldn't wait around.

Frequently Asked Questions

Are ClawHosters managed instances affected?

No. Managed instances received patches before the public disclosure on March 13. If you're on ClawHosters, no action is needed on your end.

Do I need to rotate credentials after updating?

Yes, specifically your gateway pairing credentials. The GHSA-7H7G-X2PX-94HJ fix stops new tokens from leaking, but any previously exposed tokens still work until rotated.

Which version fixes all four advisories?

Version 2026.3.12 covers three of the four. The exec approval bypass was fixed in 2026.3.11. Updating to 2026.3.12 gets you all four fixes.

*Last updated: March 2026*

Sources

  1. GHSA-rqpp-rjj8-7wv8
  2. GHSA-g353-mgv3-8pcj
  3. GHSA-7H7G-X2PX-94HJ
  4. GHSA-F8R2-VG7X-GH8M