CVE-2026-33579 – OpenClaw Critical Remote Execution

CVSS 9.9 CRITICAL

“Two critical bugs open the door wide enough for complete system takeover.”

OpenClaw released a critical security update addressing two severe vulnerabilities that expose systems to potential remote compromise. These issues impact core application components and could allow attackers to execute arbitrary code with minimal resistance. CVE-2026-32922 and CVE-2026-33579 each have a CVSS score of 9.9, which is Critical severity. Both vulnerabilities represent near-maximum risk, with the potential to fully compromise affected systems.

No verified real-world exploitation or proof-of-concept code has been confirmed for either vulnerability at this time. Despite this, the severity alone makes these flaws highly dangerous, especially in exposed or production environments. The patch enforces stricter input validation and closes the pathways that could lead to unauthorized code execution.

Key Details

Affected Product: Openclaw Openclaw
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
CWE Classification: CWE-863