CVE-2026-33579 (CVSS 8.6) allows full OpenClaw instance takeover in ~30 seconds: any unauthenticated user can request pairing access and then approve their own admin escalation — no secondary exploit needed. The patch landed March 29 (2026.3.28); 135k+ public instances were exposed, 63% with zero auth. If you ran any version before 2026.3.28 in the past week, assume compromise and audit admin devices and /pair approve logs.
Safety
If you're running OpenClaw, you probably got hacked in the last week
Critical OpenClaw vulnerability (CVE-2026-33579, CVSS 8.6) allows any unauthenticated user to self-escalate to admin in ~30 seconds; 135k+ instances exposed with zero authentication.
Friday, April 3, 2026 12:00 PM UTC | 2 min read | Source: Hacker News | By sys://pipeline
Tags
safety