OpenClaw—the AI agentic tool that’s exploded in popularity with over 347,000 GitHub stars—was designed to act just like a user: accessing files, messaging apps, cloud accounts, and more. But a recently patched vulnerability (CVE-2026-33579) shows just how dangerous that level of trust can be.
The flaw allowed anyone with the lowest level of access (pairing privileges) to silently upgrade themselves to full admin control—no user interaction required beyond the initial pairing step. In other words, an attacker could waltz in, approve their own admin request, and take over the entire OpenClaw instance.
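To make the class of bug concrete, here is an added, constructed example (not OpenClaw's code, and not taken from the Ars Technica report): a toy privilege-upgrade approval flow in which the vulnerable variant accepts any approver, including the requester, so a pairing-level principal can approve its own request for admin, next to a hardened variant that enforces separation of duties and a privilege ceiling. The role names (`pairing`, `user`, `operator`, `admin`), the `UpgradeRequest` structure and the policy rules are all assumptions made for the illustration.

```python
"""Self-approval privilege-escalation flaw and a hardened approval check.

Constructed model for illustration only; the roles, request structure and
policy below are assumptions, not OpenClaw's actual implementation.
"""
from dataclasses import dataclass, field

# Assumed role ordering: 'pairing' is the lowest level, 'admin' the highest.
ROLE_RANK = {"pairing": 0, "user": 1, "operator": 2, "admin": 3}


@dataclass
class Principal:
    name: str
    role: str


@dataclass
class UpgradeRequest:
    requester: Principal
    target_role: str
    approved_by: list[str] = field(default_factory=list)


class PermissionDenied(Exception):
    pass


def approve_vulnerable(req: UpgradeRequest, approver: Principal) -> str:
    """Vulnerable variant: records that *an* approval happened, never who gave it.

    Any authenticated principal, including the requester, may approve, so a
    pairing-level caller can grant itself admin with no second party involved.
    """
    req.approved_by.append(approver.name)
    req.requester.role = req.target_role
    return req.requester.role


def approve_hardened(req: UpgradeRequest, approver: Principal) -> str:
    """Hardened variant: separation of duties plus a privilege ceiling.

    1. The approver must not be the requester (no self-approval).
    2. The approver must already hold a role at least as high as the one
       being granted (nobody can hand out more privilege than they have).
    3. Each approver is counted once, so one party cannot pad the approval list.
    """
    if approver.name == req.requester.name:
        raise PermissionDenied("self-approval of a privilege upgrade")
    if ROLE_RANK[approver.role] < ROLE_RANK[req.target_role]:
        raise PermissionDenied(f"{approver.role} may not grant {req.target_role}")
    if approver.name in req.approved_by:
        raise PermissionDenied("duplicate approval")
    req.approved_by.append(approver.name)
    req.requester.role = req.target_role
    return req.requester.role


def demo() -> tuple[str, str, str]:
    """Run a pairing -> admin attempt through both variants.

    Returns (role after vulnerable self-approval, outcome of the hardened
    self-approval attempt, role after a legitimate admin approval).
    """
    # Constructed principals for the demonstration.
    newcomer = Principal("device-42", "pairing")
    vulnerable_result = approve_vulnerable(
        UpgradeRequest(newcomer, "admin"), approver=newcomer)

    newcomer = Principal("device-42", "pairing")
    req = UpgradeRequest(newcomer, "admin")
    try:
        approve_hardened(req, approver=newcomer)
        hardened_result = "escalated"
    except PermissionDenied as exc:
        hardened_result = f"denied: {exc}"

    # A genuine admin approving the same request is the only path that succeeds.
    real_admin = Principal("alice", "admin")
    legit_result = approve_hardened(req, approver=real_admin)
    return vulnerable_result, hardened_result, legit_result


if __name__ == "__main__":
    print(demo())
```

The two checks that matter are the first two in `approve_hardened`: the identity comparison closes the self-approval hole the summary describes, and the rank comparison stops a low-privilege approver from granting a role above its own even when it is a different account. An approval flow that only records "approved" without binding it to a distinct, sufficiently privileged principal is exactly the shape of bug a pairing-level caller can abuse.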
Even worse: 63% of the 135,000 exposed OpenClaw instances were running without any authentication at all. And the patch dropped on a Sunday, but the CVE wasn’t assigned until Tuesday—giving attackers a two-day head start.
The takeaway? This isn’t just a bug. It’s a systemic risk. If you’re running OpenClaw, assume compromise, audit your logs, and seriously reconsider whether the productivity gains are worth handing over the keys to your digital kingdom.
Source: ArsTechnica