OpenClaw hit by critical admin exploit

// 67d agoSECURITY INCIDENT

OpenClaw hit by critical admin exploit

OpenClaw versions before 2026.3.28 are vulnerable to CVE-2026-33579, a critical flaw allowing unauthorized users to gain administrative control by self-approving pairing requests. Users should upgrade to version 2026.3.28 immediately and audit logs for suspicious activity.

// ANALYSIS

The OpenClaw exploit is a textbook example of "trust but don't verify" in autonomous agent security, highlighting the risks of granting deep system permissions to experimental frameworks. The /pair approve flaw is devastating because it bypasses the entire security model, turning a local assistant into a potential remote access trojan. This incident underscores the danger of rapid viral growth in open-source projects before basic security primitives are hardened, especially as autonomous agents gain shell and browser control.

// TAGS

openclawagentai-codingopen-sourcesafety

DISCOVERED

67d ago

2026-04-03

PUBLISHED

67d ago

2026-04-03

RELEVANCE

9/ 10

AUTHOR

kykeonaut

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

MODEL17m ago

Designers praise Claude Fable 5 landing pages

Educator and designer Meng To highlighted Claude Fable 5's capability for creating landing pages on X, calling the model "a monster" for the task. Released in June 2026, Claude Fable 5 is Anthropic's latest Mythos-class AI model, featuring a 1-million-token context window, a 128,000-token output capacity, and advanced reasoning for long-horizon agentic workflows, making it highly effective for complex design and front-end code generation tasks.

MODEL1h ago

Claude Fable 5 hits Google Cloud

Anthropic's new Mythos-class frontier AI model, Claude Fable 5, is now generally available on Google Cloud's Agent Platform (Vertex AI). Designed for complex, long-horizon reasoning and autonomous workflows, Fable 5 is built for tasks such as software engineering, deep research, and multi-day agentic execution, featuring built-in safety guardrails that automatically redirect sensitive queries to Claude Opus 4.8.

UPDATE1h ago

B.AI integrates Claude Fable 5 into developer API

Developer platform B.AI has integrated Anthropic's Claude Fable 5 model into its API ecosystem. Developers can now utilize Claude Fable 5's advanced reasoning and code generation capabilities within B.AI's unified, OpenAI-compatible API framework, which simplifies model access, agent identity management, and transaction payments.