Six New OpenClaw Vulnerabilities Found by AI-Powered Code Scanner

ClawHosters by Daniel Samer

Endor Labs security researchers ran their AI-driven SAST tool against OpenClaw's codebase in early February and pulled out six vulnerabilities. Four rated high severity. All six had working proof-of-concept exploits within 24 hours of discovery.

Endor Labs published the full technical breakdown on February 5. Patches landed in v2026.2.14 between February 14 and 15.

What They Found

CVE / Advisory         Severity         Type
CVE-2026-26322         HIGH (7.6)       Gateway Tool SSRF
CVE-2026-26319         HIGH (7.5)       Telnyx Webhook Auth Bypass
GHSA-pg2v-8xwh-qhcc    MODERATE (6.5)   Urbit Auth SSRF
GHSA-56f2-hvwg-5743    HIGH (7.6)       Image Tool SSRF
GHSA-c37p-4qqg-3p76    MODERATE (6.5)   Twilio Webhook Bypass
CVE-2026-26329         HIGH (7.1)       Path Traversal Upload

Three of the six are SSRF bugs. Those let an attacker reach internal services, cloud metadata endpoints, or anything else the server can talk to. The path traversal flaw (CVE-2026-26329) is different: an authenticated attacker could read arbitrary files through Playwright's upload handling.

The two webhook bypasses are worth paying attention to. Infosecurity Magazine reports that Telnyx webhooks used a fail-open pattern, meaning a missing or malformed signature would pass validation instead of blocking the request. Twilio's bypass worked through an ngrok loopback.

Root Causes

Same story across all six: missing input validation, fail-open auth defaults, and multi-layer data flows where nobody checked the intermediate steps. According to CSO Online's analysis, the AI SAST tool caught these because it could trace data across function boundaries that traditional static analysis would miss.

What You Should Do

If you're self-hosting OpenClaw, update to v2026.2.14 or later. The Image Tool SSRF was actually patched earlier in v2026.2.2, so if you're on anything older than mid-February builds, you're probably exposed to at least some of these.

If you're running on ClawHosters, we patched all instances within hours of each fix going live. Container isolation also limits the blast radius of SSRF attacks since each instance only sees its own network namespace.

For a broader look at hardening your OpenClaw setup, check out the security hardening guide. And if you want automated scanning, the safety scanner post covers that.

Frequently Asked Questions

Yes. All six were patched between February 2 and February 15, 2026. The main batch landed in v2026.2.14. Update your OpenClaw instance to that version or newer and you're covered.

It depends on your setup. If your OpenClaw instance can reach cloud metadata endpoints (like AWS 169.254.169.254), an SSRF could potentially grab IAM credentials or other secrets. Container isolation and network segmentation reduce that risk significantly.

ClawHosters applied all patches within hours of release. Each customer instance runs in its own isolated container with restricted network access, which limits what SSRF attacks can reach even before patching.

*Last updated: February 2026*

Sources

  1. Endor Labs published the full technical breakdown
  2. Infosecurity Magazine reports
  3. CSO Online's analysis
  4. ClawHosters
  5. security hardening guide
  6. safety scanner post