CNCERT Issues OpenClaw Security Advisory
China's National Computer Network Emergency Response Technical Team published a security warning on March 14, 2026, highlighting critical vulnerabilities in OpenClaw's default installation. The open-source autonomous AI agent platform, previously known as Clawdbot and Moltbot, ships with configurations that expose organizations to potential compromise.
CNCERT distributed the alert through its official WeChat channel, targeting organizations running self-hosted AI agent deployments. The advisory specifically calls out the platform's inadequate security posture in production environments.
Self-Hosted AI Deployments at Risk
Organizations using OpenClaw for autonomous AI operations face immediate security exposure. The vulnerability affects all versions of the platform when deployed with default settings, particularly impacting enterprises that haven't hardened their installations.
Chinese government agencies and private sector organizations running AI agent infrastructure represent the primary at-risk population, though the open-source nature means global deployments could be vulnerable.
Related: HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege
Related: Veeam Patches Four Critical RCE Flaws in Backup Software
Related: CISA Adds Hikvision, Rockwell Flaws to KEV Catalog
Related: CISA Warns of Actively Exploited Wing FTP Server Flaw
Related: OpenClaw AI Critical RCE Flaw Patched — All Developers Must
Configuration Hardening Required
CNCERT recommends immediate review of OpenClaw security settings and implementation of proper access controls. Organizations should audit their AI agent deployments and apply security hardening measures beyond the platform's default configuration.
The CISA Known Exploited Vulnerabilities catalog provides additional guidance for securing AI infrastructure, while the Microsoft Security Response Center offers enterprise security best practices applicable to AI agent deployments.
