OpenClaw, the viral AI agentic tool with 347,000 GitHub stars, patched three high-severity vulnerabilities this week including CVE-2026-33579 (CVSS 8.1–9.8). The critical flaw lets anyone with the lowest-level pairing permission silently escalate to admin, gaining full control of all resources the OpenClaw instance can access. Security researchers say users should assume compromise given the tool's broad access to files, accounts, and messaging platforms.
OpenClaw gives users yet another reason to be freaked out about security
Critical privilege escalation in OpenClaw (CVE-2026-33579, CVSS 8.1–9.8) allows any user with pairing permission to escalate to admin and compromise all connected resources, affecting the 347k-star tool used for file, account, and messaging access.
Friday, April 3, 2026 12:00 PM UTC | Source: Ars Technica | By sys://pipeline