OpenClaw CVE Timeline
9 known CVEs | 3 active zero-day exploits | Jan–Mar 2026
ClawHavoc Attack Wave
January 27–29, 2026
⚠️ CRITICAL
Coordinated malicious skill injection across OpenClaw marketplace.
335
malicious skills deployed in 3 days
CVE-2026-25253
February 3, 2026
⚠️ CRITICAL
One-click remote code execution via malicious skill metadata.
40,000+
exposed instances detected
CVE-2026-26020
February 8, 2026
⚠️ CRITICAL
AutoGPT integration chain allows cascading RCE across agent networks.
Active exploitation confirmed in the wild
CVE-2025-68664
LangChain Credential Exfil
⚠️ CRITICAL
LangChain leaks API keys through agent memory context windows.
847M
downloads — widespread exposure
CrewAI Token Leak
February 14, 2026
⚠️ CRITICAL
GitHub token with high-privilege access exposed in repo.
Production deployments affected globally
Moltbook Data Dump
February 19, 2026
⚠️ CRITICAL
Agent identity database and credential store compromised.
35,000 emails
+
1.5M API tokens
exposed
ZombieAgent Botnet
March 2, 2026
⚠️ CRITICAL
Dormant agent instances activated remotely for DDoS and data theft.
Growth:
0 → 18,000 exposed instances in weeks
Supply Chain Attacks
Ongoing
🔴 HIGH
Dependency poisoning across npm, PyPI, and skill registries.
Multiple zero-day variants active
Prompt Injection Cascade
Ongoing
🔴 HIGH
Malicious instructions propagate through agent-to-agent communication chains.
Detection rate:
18%
across major platforms
9 CVEs
3 Active Exploits • 3 Zero-Day Variants
Time to widespread compromise:
19 days
(Jan 27 → Feb 15)