
CVE-2026-25253: protect yourselves now

In early 2026, more than 135,000 OpenClaw instances were found exposed on the internet without protection (CVSS 9.9). Here is what happened and how to protect yourself.

Manuel Streit

What is CVE-2026-25253?

A critical vulnerability in OpenClaw versions before v2026.4.x. The local dashboard was bound to all interfaces (0.0.0.0:18789) instead of loopback only (127.0.0.1:18789), and it required no authentication. Anyone who could reach the port could remotely trigger skills, exfiltrate data and manipulate daemon processes.

How big was the impact?

Within days, security researchers found more than 135,000 exposed instances using Shodan. Suspected exposures include WhatsApp chat history, CRM data and inbox contents. Full forensics are still ongoing.

Step 1: update

npm install -g openclaw@latest
openclaw daemon restart

Current versions bind the dashboard only to 127.0.0.1. Verify it after the restart: on Linux run ss -ltn | grep 18789 (or netstat -an | grep 18789), on macOS run netstat -an | grep 18789. The local address must be 127.0.0.1:18789 (macOS prints it as 127.0.0.1.18789). A wildcard address such as 0.0.0.0:18789, *.18789 or [::]:18789 means the port is still reachable from other hosts. Updating alone does not close a reverse proxy or port forward that you configured in front of the dashboard; check those separately.
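The same verification as a script, added here as an example and not code from the OpenClaw project: it parses the listener table rather than just grepping for the port, so it gives the same answer on Linux (ss or netstat with addr:port) and macOS (netstat with addr.port), and it flags every wildcard or non-loopback binding of the dashboard port. Port 18789 is taken from the advisory text; the OPENCLAW_DASHBOARD_PORT variable, the function names and the sample socket lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not OpenClaw project code. Port 18789 is the dashboard port
# named in the advisory; everything else here is an assumption about how an
# operator would verify the fix on Linux or macOS.

PORT="${OPENCLAW_DASHBOARD_PORT:-18789}"

# exposed_listeners: read listener lines on stdin (Linux `ss -ltn` / `netstat -ltn`,
# macOS `netstat -an`), print every local address bound to $PORT that is not
# loopback, and return 1 if any was printed (0 means loopback-only or not listening).
exposed_listeners() {
  awk -v port="$PORT" '
    {
      # The local-address column is the first field ending in <sep><port>:
      # "0.0.0.0:18789" or "[::]:18789" (Linux), "*.18789" or "127.0.0.1.18789"
      # (macOS). Remote columns look like "0.0.0.0:*" or "*.*" and never match.
      for (i = 1; i <= NF; i++) {
        if ($i ~ ("[.:]" port "$")) {
          addr = $i
          sub("[.:]" port "$", "", addr)
          if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]" && addr != "localhost") {
            print addr
            found = 1
          }
          break
        }
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# check_live_host: run the check against the real socket table. Prefers ss,
# falls back to netstat so the same script works on Linux and macOS.
check_live_host() {
  if command -v ss >/dev/null 2>&1; then
    ss -ltn
  else
    netstat -an
  fi | exposed_listeners
}

# Constructed sample output (not captured from a real host): a pre-patch
# instance bound to all interfaces, and a patched one on loopback only.
SAMPLE_UNPATCHED='tcp   LISTEN 0  511  0.0.0.0:18789  0.0.0.0:*
tcp   LISTEN 0  511  [::]:18789     [::]:*'
SAMPLE_PATCHED='tcp4  0  0  127.0.0.1.18789  *.*  LISTEN
tcp6  0  0  ::1.18789        *.*  LISTEN'

# Run with --live to check this host; exit code 1 means the port is exposed.
if [ "${1:-}" = "--live" ]; then
  if check_live_host; then
    echo "OK: port $PORT is loopback-only (or closed)"
  else
    echo "EXPOSED: port $PORT is reachable from other hosts" >&2
    exit 1
  fi
fi
```

Run it as sh check-dashboard.sh --live after the update; a non-zero exit code is what you would wire into a cron job or a monitoring check so a regression (for example a config change that rebinds the port) is caught rather than noticed months later.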

Step 2: requireMention globally

Even with the dashboard hole closed, a bot that replies to every message it can see is an attack surface: anyone who can post in a channel can drive it. Set requireMention: true as the default in openclaw.json so the bot only acts when it is explicitly addressed.

Step 3: allowlists and audit

Restrict which channels and senders the bot accepts with channel allowlists (see the WhatsApp setup guide), and forward the audit log to a SIEM (Splunk, Elastic) so unexpected skill invocations and data access can be detected.

Step 4: dashboard only via Tailscale

If your team uses the canvas dashboard, never expose it publicly. Reach it over a Tailscale mesh only, so the port stays bound to loopback and is only accessible to authenticated devices. Detailed guide: Tailscale remote setup.

Frequent questions


Are we affected?
If you ran an OpenClaw version before v2026.4.x and the dashboard port was reachable from outside the host, assume yes. Review the audit log for skill invocations and data access you did not initiate, and rotate every token and credential the instance held.
Who found the bug?
A security researcher reported it responsibly on Feb 28 2026. A patch followed within 72 hours and public disclosure two weeks later.
Are more CVEs likely?
OpenClaw is a young project with high development velocity, so more CVEs are likely. Update discipline and hardening are mandatory; see the security hardening guide.
