OpenClaw 29+ CVEs Patched in v2026.2.14: Path Traversal, Auth Bypass, SSRF, and RCE Across AI Agent Tool

Security researchers disclosed 29 or more CVEs affecting OpenClaw, the locally running AI agent tool, all patched in version 2026.2.14. The set covers critical vulnerabilities including command hijacking (CVE-2026-29610), path traversal to arbitrary file write (CVE-2026-28453, CVE-2026-28484), gateway authentication bypass (CVE-2026-28472), SSRF via media URL hydration (CVE-2026-28467), and ZIP/TAR archive bomb denial of service (CVE-2026-28452). The batch disclosure arrives while OpenClaw is already at the centre of three active threat vectors: the Clinejection npm supply chain attack, the ClawJacked WebSocket hijack, and Bing AI-boosted malware distribution campaigns. Developers running OpenClaw should upgrade to 2026.2.14 or later immediately and audit their installations for indicators of compromise across all three concurrent campaigns.

Key Takeaways

  • 29+ CVEs patched in OpenClaw v2026.2.14, including four rated critical: CVE-2026-28484 (git-hook option injection), CVE-2026-28474 (Nextcloud allowlist bypass), CVE-2026-28472 (gateway WebSocket auth bypass), and CVE-2026-28470 (exec allowlist bypass via command substitution)
  • Vulnerability classes span: path traversal (CVE-2026-28453, CVE-2026-28462, CVE-2026-28447), SSRF (CVE-2026-28467, CVE-2026-28451, CVE-2026-28476), auth bypass (CVE-2026-28485, CVE-2026-28454), timing side-channel (CVE-2026-28464, CVE-2026-28475), and memory exhaustion DoS (CVE-2026-28452, CVE-2026-29612, CVE-2026-29609)
  • OpenClaw is simultaneously targeted by the Clinejection npm supply chain attack (Feb 2026), the ClawJacked localhost WebSocket hijack (Mar 2026), and Bing AI-boosted malware distribution; upgrade to 2026.2.14+ immediately and rotate any exposed tokens

Original source: Tenable CVE Database