
40,000 OpenClaw Instances Exposed — And the Number Is Growing

By Daniel Samer, ClawHosters

SecurityScorecard just published findings that should make every self-hosted OpenClaw user stop and check their setup. Their team found 40,214 exposed OpenClaw instances across 28,663 unique IP addresses. 63% of those deployments are running vulnerable versions. And 12,812 are exploitable via remote code execution.

The numbers are spread across 82 countries. 37% sit in China, followed by the US and Singapore. According to Infosecurity Magazine, 45% of all exposed instances run on Alibaba Cloud.

Why This Keeps Getting Worse

Here's the part that caught my attention. Jeremy Turner, VP of Threat Intelligence at SecurityScorecard, told The Register: "Usually when we do scans for a vulnerability, what we start with in the first scan is the most of the exposure and then over time it decreases. In this case, because it's a new technology and more users are adopting it, we see that trend actually doing the opposite."

So the exposure is growing, not shrinking. That's unusual and concerning.

The Root Cause Is Simple

OpenClaw's Docker deployment binds to 0.0.0.0:18789 by default. That means it listens on every network interface, including the one facing the public internet. The desktop CLI version correctly binds to 127.0.0.1 (localhost only). But most VPS and cloud users go the Docker route, and if you don't change that default, your instance is reachable by anyone who scans for it.

SecurityScorecard also flagged three CVEs worth knowing about:

  • CVE-2026-25253 (CVSS 8.8): One-click RCE through auth token theft

  • CVE-2026-25157 (CVSS 7.8): SSH command injection

  • CVE-2026-24763 (CVSS 8.8): Docker sandbox escape

Turner added: "It's only a matter of time before we see threat actors actively exploiting these exposures."

What You Should Do

If you're running OpenClaw on a VPS, check your Docker Compose config right now. Make sure port 18789 is bound to 127.0.0.1, not 0.0.0.0. Update to the latest version. And read our security hardening guide for the full checklist.

Or skip all of that. ClawHosters runs every instance in an isolated container with authentication enforced, restricted network access, and the built-in safety scanner running automatically. No exposed ports, no misconfiguration risk.

Frequently Asked Questions

Is this being actively exploited?

Not yet. SecurityScorecard's scan identified exposure, not active exploitation. But with 12,812 instances vulnerable to RCE, it's a matter of when, not if. Attackers follow published research closely.

How do I check whether my instance is exposed?

Check your Docker Compose file for the port binding. If it says `0.0.0.0:18789` or just `18789:18789` without a specific IP, your instance is publicly reachable. Change it to `127.0.0.1:18789:18789` and use a reverse proxy with authentication.
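The check described above (and the default-binding problem from "The Root Cause Is Simple") can be scripted. The following is an added example, not code from ClawHosters or the OpenClaw project. It assumes the Docker Compose short port syntax `[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]`, treats a missing host IP the way Docker does (bind to 0.0.0.0), and uses two constructed Compose snippets with a placeholder image name, one with the exposed default and one pinned to loopback:

```python
"""Flag Docker Compose port mappings that listen on every interface.

Added example; not ClawHosters' or OpenClaw's code. Assumes the Compose
short port syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]. The
long "target:/published:" form is not parsed and is skipped silently.
"""
import re


def parse_port_spec(spec: str) -> dict:
    """Split a short-form mapping; host_ip is "" when omitted (Docker then uses 0.0.0.0)."""
    spec = spec.strip().strip("\"'")
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
    # IPv6 host addresses are bracketed, e.g. "[::1]:18789:18789"
    m = re.match(r"^\[([^\]]+)\]:(.*)$", spec)
    if m:
        host_ip, parts = m.group(1), m.group(2).split(":")
    else:
        parts = spec.split(":")
        host_ip = parts.pop(0) if len(parts) == 3 else ""
    if len(parts) == 2:
        host_port, container_port = parts
    elif len(parts) == 1:
        host_port = container_port = parts[0]
    else:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return {"host_ip": host_ip, "host_port": host_port,
            "container_port": container_port, "protocol": proto}


def is_publicly_bound(spec: str) -> bool:
    """True when the host side is every interface: no IP given, 0.0.0.0 or ::."""
    return parse_port_spec(spec)["host_ip"] in ("", "0.0.0.0", "::")


# A YAML list item carrying one mapping, quoted or bare
PORTS_LINE = re.compile(r"""^\s*-\s*(?:"([^"]*)"|'([^']*)'|(\S+))\s*$""")


def find_exposed_ports(compose_text: str) -> list:
    """Return (service, mapping) pairs for every publicly bound port.

    Minimal line-based walk of the file (no PyYAML): the first nested key
    level under "services:" is taken as the service name level, and list
    items following a "ports:" key are parsed as mappings.
    """
    findings, service, service_indent = [], None, None
    in_ports, ports_indent = False, 0
    for raw in compose_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(stripped)
        if in_ports:
            if stripped.startswith("-") and indent >= ports_indent:
                m = PORTS_LINE.match(line)
                if m:
                    spec = next(g for g in m.groups() if g is not None)
                    if is_publicly_bound(spec):
                        findings.append((service, spec))
                continue
            in_ports = False                      # left the ports list
        if stripped == "ports:":
            in_ports, ports_indent = True, indent
        elif indent > 0 and stripped.endswith(":") and " " not in stripped:
            if service_indent is None:
                service_indent = indent
            if indent == service_indent:
                service = stripped[:-1]
    return findings


# Constructed sample: the default-style mapping the article warns about
WEAK_COMPOSE = """\
services:
  openclaw:
    image: PLACEHOLDER_OPENCLAW_IMAGE   # placeholder, not a real image
    ports:
      - "18789:18789"           # no host IP: Docker binds 0.0.0.0
      - 0.0.0.0:18790:18790     # explicit all-interfaces bind
    environment:
      - TZ=UTC
"""

# Constructed sample: same service pinned to loopback, reverse proxy in front
HARDENED_COMPOSE = """\
services:
  openclaw:
    image: PLACEHOLDER_OPENCLAW_IMAGE
    ports:
      - "127.0.0.1:18789:18789"
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        hits = find_exposed_ports(text)
        print(f"{name}: {len(hits)} publicly bound mapping(s)")
        for svc, spec in hits:
            print(f"  service {svc!r} publishes {spec} on all interfaces")
```

Run it against your own `docker-compose.yml` by passing the file's contents to `find_exposed_ports`; an empty list means every published port names a specific host address. The parser is deliberately small, so a Compose file that uses the long `ports:` form or inline lists needs a real YAML loader instead.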

Does ClawHosters protect against this?

Yes. ClawHosters instances never bind to public interfaces. Every instance runs behind authentication with network isolation by default. The exposure SecurityScorecard found only affects self-hosted setups with default Docker configurations.

*Last updated: March 2026*

Sources

  1. 40,214 exposed OpenClaw instances
  2. According to Infosecurity Magazine
  3. told The Register
  4. security hardening guide
  5. ClawHosters
  6. built-in safety scanner