4 articles connected to this topic.
Between March 18 and 21, nine OpenClaw CVEs dropped — including a 9.9 critical that let any authenticated user become admin by asking nicely. A timeline, breakdown, and what it means for self-hosters.
Microsoft's March 2026 Patch Tuesday includes CVE-2026-26144, a zero-click Excel XSS that turns Copilot Agent into a data exfiltration channel, plus CVE-2026-21536 — the first critical vulnerability discovered entirely by an autonomous AI agent.
A high-severity vulnerability let any website silently connect to your local OpenClaw agent via WebSocket. Here's the technical breakdown and what you need to do.
A roundup of February 2026's OpenClaw security developments — critical CVEs, Microsoft's deployment guidance, the ClawBands oversight tool, and actionable hardening steps.