OpenClaw 2026.3.28 patches 8 security vulnerabilities including critical privilege escalation

Critical security patches for OpenClaw
OpenClaw 2026.3.28 includes patches for 8 security vulnerabilities identified during a 3-day audit by Ant AI Security Lab. The audit reported 33 issues in total; these 8 were confirmed and fixed in the latest stable release.
Key vulnerabilities patched
The most significant issues include:
- Critical severity privilege escalation: lower-privileged operators could approve admin access via the /pair approve path
- High severity sandbox escape: the message tool could be tricked into reading arbitrary local files using alias parameters
- High severity node pairing approval bypass
- High severity WebSocket session hijacking
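The /pair approve escalation is, at the level the advisory summary describes it, an approval handler that checks who the caller is but not whether the caller may grant what is being requested. The block below is an added illustration of that pattern and its fix, written for this page; it is not OpenClaw's code, and the role names (viewer, operator, admin), the ROLE_RANK ordering and the PairingRequest and Session shapes are assumptions made for illustration.

```typescript
// Added example, not OpenClaw code. Role names, ROLE_RANK and the
// PairingRequest/Session shapes are assumptions for illustration only.
type Role = "viewer" | "operator" | "admin";

// Least to most privileged. An approver may only grant a role ranked at or below their own.
const ROLE_RANK: Readonly<Record<Role, number>> = { viewer: 0, operator: 1, admin: 2 };

export interface PairingRequest {
  id: string;
  requestedRole: Role;
  status: "pending" | "approved" | "denied";
}

export interface Session {
  user: string;
  role: Role;
}

export class ApprovalError extends Error {}

// Vulnerable pattern: the handler confirms the caller is authenticated but never
// compares the role being granted with the role the caller holds.
export function approveUnchecked(req: PairingRequest, session: Session): PairingRequest {
  if (!session.user) throw new ApprovalError("unauthenticated");
  return { ...req, status: "approved" };
}

// Fail closed: an unknown role on either side can grant nothing.
export function canGrant(approver: Role, target: Role): boolean {
  const a: number | undefined = ROLE_RANK[approver];
  const t: number | undefined = ROLE_RANK[target];
  if (a === undefined || t === undefined) return false;
  return a >= t;
}

// Hardened pattern: the request must still be pending, and the approver must
// hold at least the role the request would confer.
export function approveChecked(req: PairingRequest, session: Session): PairingRequest {
  if (!session.user) throw new ApprovalError("unauthenticated");
  if (req.status !== "pending") {
    throw new ApprovalError(`request ${req.id} is already ${req.status}`);
  }
  if (!canGrant(session.role, req.requestedRole)) {
    throw new ApprovalError(
      `${session.user} (${session.role}) may not grant ${req.requestedRole} on request ${req.id}`,
    );
  }
  return { ...req, status: "approved" };
}

// Constructed scenario: an operator tries to approve a pending request for admin access.
export function demo(): { unchecked: string; checked: string } {
  const req: PairingRequest = { id: "req-1", requestedRole: "admin", status: "pending" };
  const operator: Session = { user: "op@example.test", role: "operator" };
  const unchecked = approveUnchecked(req, operator).status;
  let checked: string;
  try {
    checked = approveChecked(req, operator).status;
  } catch (e) {
    checked = e instanceof ApprovalError ? "rejected" : "error";
  }
  return { unchecked, checked };
}
```

The point of the ordering table is that the check compares the privilege being conferred with the privilege of the approver, not merely that an approver exists; the pending-status check also closes the smaller hole of re-approving an already decided request.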
Affected systems
These vulnerabilities affect multi-node OpenClaw setups and users of built-in tools like message or fal.
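The message tool sandbox escape is summarised above only as "reading arbitrary local files using alias parameters". A common shape for that class of bug is a file-reading tool that confines its canonical parameter to a sandbox root but resolves an alias of that parameter without the same check. The block below is an added example written for this page, not OpenClaw's code; the alias list ("path", "file", "attachment"), the argument shape and the sandbox root are assumptions for illustration, and the check is lexical only (it does not follow symlinks).

```typescript
import * as path from "node:path";

// Added example, not OpenClaw code. FILE_PARAM_ALIASES, ToolArgs and the
// sandbox root used in demo() are assumptions for illustration only.
const FILE_PARAM_ALIASES = ["path", "file", "attachment"] as const;

export type ToolArgs = Record<string, unknown>;

export class SandboxError extends Error {}

// Canonicalise a caller-supplied path and confirm it stays under root.
// Posix semantics keep the result identical on every platform.
// Caveat: lexical containment only; a production tool should also resolve
// symlinks (fs.realpath) before the containment test.
export function confine(candidate: string, root: string): string {
  if (candidate.includes("\0")) throw new SandboxError("NUL byte in path");
  const base = path.posix.resolve(root);
  const full = path.posix.resolve(base, candidate);
  if (full !== base && !full.startsWith(base + path.posix.sep)) {
    throw new SandboxError(`${candidate} resolves outside ${base}`);
  }
  return full;
}

// Vulnerable pattern: only the canonical "path" parameter is confined; the
// aliases are resolved directly, so "../" sequences escape the root.
export function resolveUnchecked(args: ToolArgs, root: string): string | undefined {
  if (typeof args.path === "string") return confine(args.path, root);
  for (const alias of FILE_PARAM_ALIASES) {
    const v = args[alias];
    if (typeof v === "string") return path.posix.resolve(root, v);
  }
  return undefined;
}

// Hardened pattern: gather every alias, reject conflicting values (so no later
// layer can pick a different one), and confine the single surviving value.
export function resolveChecked(args: ToolArgs, root: string): string | undefined {
  const supplied = FILE_PARAM_ALIASES
    .map((k) => args[k])
    .filter((v): v is string => typeof v === "string");
  if (supplied.length === 0) return undefined;
  if (new Set(supplied).size > 1) {
    throw new SandboxError("conflicting file parameters supplied");
  }
  return confine(supplied[0], root);
}

// Constructed scenario: a traversal payload delivered through the "file" alias.
export function demo(): { unchecked: string | undefined; checked: string } {
  const root = "/srv/sandbox";
  const args: ToolArgs = { file: "../../etc/passwd" };
  const unchecked = resolveUnchecked(args, root);
  let checked: string;
  try {
    checked = resolveChecked(args, root) ?? "none";
  } catch (e) {
    checked = e instanceof SandboxError ? "rejected" : "error";
  }
  return { unchecked, checked };
}
```

The design choice worth copying is that every parameter name that can designate a file flows through one confinement function; adding an alias later cannot reintroduce the bypass because there is no second code path to forget.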
Security advisories
Detailed information is available in GitHub security advisories:
- Critical - /pair approve escalation: GHSA-hc5h-pmr3-3497
- High - message tool sandbox escape: GHSA-v8wv-jg3q-qwpq
- High - Node pairing approval bypass: GHSA-2x4x-cc5g-qmmg
- High - WebSocket session hijacking: GHSA-2pr2-hcv6-7gwv
Update to OpenClaw 2026.3.28 immediately if you haven't already.
📖 Read the full source: r/openclaw
👀 See Also

Security Checklist for Claude AI-Generated Applications
A developer shares a checklist of common security and operational gaps found in applications built with Claude Code, including rate limiting, authentication flaws, database scaling issues, and input handling vulnerabilities.
AI Agent Security: Token Budget Determines Data Exfiltration Risk
A developer tested AI agents connected to Gmail: frontier models caught phishing, mid-tier was unstable, cheap models silently forwarded malicious emails. Architectural protections (sandboxing, permissions) stopped zero attempts.

Introducing SkillFence: The New Runtime Monitor That Watches What Skills Actually Do
SkillFence offers a breakthrough in monitoring AI agent actions, addressing the need for transparency and security in AI-driven environments. Discover how this innovative tool can enhance control over autonomous processes.

Bitwarden Agent Access SDK integrates with OneCLI for secure credential injection
Bitwarden's new Agent Access SDK enables AI agents to access credentials from Bitwarden's vault with human approval, while OneCLI acts as a gateway that injects credentials at the network layer without exposing raw values to agents.