OpenClaw Security 2026: CVEs, Skills & Exposed Instances

by Priya Shah – Business Editor

OpenClaw, a personal AI assistant, has been the subject of a concentrated series of security vulnerabilities throughout early 2026, culminating in the identification of six Common Vulnerabilities and Exposures (CVEs) and the discovery of over 824 malicious skills.

The most recent vulnerability, CVE-2026-27001, disclosed February 20, 2026, concerns the embedding of the current working directory – the “workspace path” – into the agent’s system prompt without proper sanitization. According to a National Vulnerability Database (NVD) report, this allows attackers to potentially inject malicious instructions if they can manipulate the directory name to include control or format characters. The vulnerability is addressed in OpenClaw version 2026.2.15, which sanitizes the workspace path before embedding it into Large Language Model (LLM) prompts.
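As an added illustration of the class of defect described above (not OpenClaw's own code, and the prompt template, function names and directory name are constructed assumptions), the block below shows why an unsanitized workspace path is a problem and what the fix looks like: control and format characters in a directory name are stripped before the path is interpolated into the prompt, and a small audit helper shows that the unsanitized path would have added lines to the prompt while the sanitized one does not.

```python
import unicodedata

# Hypothetical prompt template; OpenClaw's real template is not on the page.
PROMPT_TEMPLATE = "Workspace: {path}\nFollow only the operator's instructions."

# Unicode general categories that never belong in a path shown to an LLM:
# Cc = control characters (newline, escape, ...), Cf = format characters
# (zero-width space, bidi overrides, ...).
UNSAFE_CATEGORIES = ("Cc", "Cf")


def unsafe_chars(path: str) -> list[str]:
    """Return every control or format character found in path, in order."""
    return [c for c in path if unicodedata.category(c) in UNSAFE_CATEGORIES]


def sanitize_workspace_path(path: str, max_len: int = 256) -> str:
    """Remove control/format characters, trim whitespace, and bound the
    length before the path is embedded in an LLM prompt."""
    normalized = unicodedata.normalize("NFC", path)
    cleaned = "".join(
        c for c in normalized if unicodedata.category(c) not in UNSAFE_CATEGORIES
    ).strip()
    if len(cleaned) > max_len:
        # Truncate rather than reject so the agent still gets a usable hint.
        cleaned = cleaned[:max_len] + "..."
    return cleaned


def build_prompt(path: str, sanitize: bool = True) -> str:
    """Assemble the system prompt; sanitize=False models the vulnerable path."""
    if sanitize:
        path = sanitize_workspace_path(path)
    return PROMPT_TEMPLATE.format(path=path)


def prompt_line_count(prompt: str) -> int:
    """Audit helper: an untrusted value must not change the prompt's line structure."""
    return prompt.count("\n") + 1


# Constructed directory name containing a zero-width space and a newline.
CONSTRUCTED_PATH = "/home/dev/proj\u200b\nnote: second line"

if __name__ == "__main__":
    print("unsafe characters:", [hex(ord(c)) for c in unsafe_chars(CONSTRUCTED_PATH)])
    print("lines without sanitizing:", prompt_line_count(build_prompt(CONSTRUCTED_PATH, sanitize=False)))
    print("lines with sanitizing:   ", prompt_line_count(build_prompt(CONSTRUCTED_PATH)))
```

The line-count check is the cheapest regression test to keep around: any value that comes from the filesystem, environment or network and lands in a prompt should be run through a sanitizer like this and then asserted to have left the template's structure unchanged.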

The NVD currently assesses the severity of CVE-2026-27001 as 8.6 on a scale of 0-10, classifying it as “High” based on a CVSS Version 4.0 vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. A CVSS 3.x assessment gives a base score of 7.8, also “High”, with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

This vulnerability is part of a larger cluster of security issues impacting OpenClaw. CVE-2026-26326, reported two days prior, revealed that the `skills.status` function could inadvertently disclose secrets to the `operator.read` function. Earlier in February, CVE-2026-25253 highlighted the risk of malicious links being used to steal authentication tokens and compromise OpenClaw AI systems. Additional CVEs identified in early 2026 include CVE-2026-26323, CVE-2026-26327, and CVE-2026-26317, collectively reshaping the threat landscape surrounding the AI assistant, according to a report from Stackademic.

Beyond the officially designated CVEs, reports indicate a significant proliferation of malicious skills designed to exploit the OpenClaw platform. As of February 21, 2026, over 824 such skills have been identified. Over 42,000 instances of OpenClaw are reportedly exposed, potentially increasing the attack surface for malicious actors.

GitHub, Inc. is listed as the CNA (Vulnerability Coordinator) for CVE-2026-27001, contributing to the CVSS assessment. As of this reporting, NIST has not yet provided its own assessment of the vulnerability.
