If you’re utilizing OpenClaw, the widely-used AI agentic tool, it is essential to perform an update if you haven’t done so yet. OpenClaw has acknowledged security vulnerabilities, as noted earlier. Creator Peter Steinberger has alerted users on GitHub regarding the absence of a “perfectly secure” setup.

OpenClaw enables users to delegate control over devices and access to applications, files, and accounts, acting on their behalf. This functionality introduces significant risks if issues arise, as security researchers have indicated.

Recently, an issue did occur. Ars Technica reports that OpenClaw developers addressed three high-severity vulnerabilities last week, with CVE-2026-33579 being the most critical, rated 9.8 out of 10. Researchers at Blink discovered that this vulnerability permitted anyone with minimal access to escalate to full administrative rights.

Blink clarified that OpenClaw’s device pairing mechanism did not verify if the individual granting access had the proper authority, allowing attackers with basic privileges to achieve admin access. Roughly 63% of internet-connected OpenClaw instances were without authentication, rendering them susceptible to takeover.

The patch was issued on Sunday, April 5, but the CVE listing emerged two days later, providing attentive attackers with a head start. CVE-2026-33579 marks the sixth pairing-related vulnerability revealed within six weeks, all resulting from a design flaw in permission management. Each patch has targeted specific exploits without reworking the authorization system.

If you are using OpenClaw, upgrade to version 2026.3.28 right away. If you have used an earlier version recently, consider your instance potentially compromised and check activity logs for any suspicious approvals.

Reflect on whether the productivity advantages of such a powerful tool surpass the related security risks.