Guavy AI Editorial Team

Openclaw AI Platform Exposes Critical Vulnerability to Full Administrative Hijacking

Openclaw, an open-source artificial intelligence platform, has been found to contain a critical vulnerability that allows attackers to take full administrative control. According to a recent study by Certik, the software's architecture was originally designed for trusted local environments but is now widely deployed online, exposing major flaws.

The report highlights several high-risk failure points, including a critical vulnerability (CVE-2026-25253) that enables attackers to steal authentication tokens and hijack AI agents. Global scans revealed over 135,000 internet-exposed Openclaw instances across 82 countries, many of which had authentication disabled by default, leaking sensitive credentials in plaintext.

The study also found that the platform's repository for user-shared 'skills' has been infiltrated by malware, with hundreds of extensions bundling infostealers designed to siphon saved passwords and cryptocurrency wallets. The researchers emphasize the need for a 'security-first' approach, including strict sandbox isolation and low-privilege permissions for AI-spawned subprocesses.

Users are urged to update to version 2026.1.29 or later to patch known remote code execution (RCE) flaws, but experts warn that this is not a silver bullet. Until Openclaw reaches a more stable security phase, the industry consensus is to treat the software as inherently untrusted.