OpenClaw security patches fix QR code credential exposure and plugin auto-load vulnerabilities

Two critical security vulnerabilities patched in OpenClaw
OpenClaw has shipped fixes for two serious vulnerabilities in the platform. Both fixes are in version 2026.3.12, which arrived the day after another security issue (GHSA-5wcw-8jjv-m286) was patched.
QR code pairing vulnerability
The QR code pairing flow used to enrol new devices embedded the long-lived gateway credential directly in the QR payload, with no expiry. The QR image was therefore the credential itself: anyone who captured a screenshot of it, or found one posted online, could use it to obtain the same access the agent has, indefinitely. v2026.3.12 fixes this by encoding a temporary pairing code in the QR instead of the credential.
If you have ever shared your setup QR code anywhere (Discord, Reddit, Twitter, Facebook, etc.), rotate your gateway token immediately. Updating changes how new QR codes are generated; it does not revoke a token that was already captured from an old one, so rotation is the only step that cuts off that access.
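The difference between the two designs, as an added illustration rather than OpenClaw's own code: the vulnerable form puts the gateway token in the QR payload, the hardened form puts a short-lived, single-use pairing code there and only releases the token when that code is redeemed. The `openclaw://` URL scheme, the parameter names and the `PairingService` class are assumptions for the example.

```python
"""Illustrative pairing flow (added example, not OpenClaw's code): the QR code
carries a short-lived, single-use pairing code that is exchanged for the gateway
token, instead of the long-lived token itself. The openclaw:// URL scheme,
parameter names and class/method names are hypothetical."""
import secrets
import time
from typing import Callable, Dict, Optional


def vulnerable_qr_payload(gateway_url: str, gateway_token: str) -> str:
    """The flawed pattern described above: the QR payload IS the credential.
    Anyone who screenshots it holds the token until it is rotated."""
    return f"openclaw://pair?gateway={gateway_url}&token={gateway_token}"


class PairingService:
    """Hardened pattern: the QR carries an opaque code that expires and can be
    redeemed once. The gateway token is only released over the redemption call."""

    def __init__(self, ttl_seconds: int = 120,
                 clock: Callable[[], float] = time.time) -> None:
        self.ttl = ttl_seconds
        self.clock = clock                           # injectable for deterministic tests
        self.token = "gw_" + secrets.token_hex(16)   # constructed long-lived credential
        self._pending: Dict[str, float] = {}         # pairing code -> expiry timestamp

    def issue_code(self) -> str:
        code = secrets.token_urlsafe(24)             # 192 bits: not guessable within the TTL
        self._pending[code] = self.clock() + self.ttl
        return code

    def qr_payload(self, gateway_url: str) -> str:
        """What gets rendered into the QR image: no token, only the pairing code."""
        return f"openclaw://pair?gateway={gateway_url}&code={self.issue_code()}"

    def redeem(self, code: str) -> Optional[str]:
        """Exchange a pairing code for the token exactly once, before it expires."""
        expiry = self._pending.pop(code, None)       # pop: a replayed code finds nothing
        if expiry is None or self.clock() > expiry:
            return None
        return self.token

    def rotate_token(self) -> str:
        """The remediation the advice above asks for: the old token, including any
        copy captured from an old QR code, stops working everywhere."""
        self.token = "gw_" + secrets.token_hex(16)
        self._pending.clear()                        # outstanding codes die with the old token
        return self.token


def demo() -> Dict[str, bool]:
    """Exercise the cases a pairing code has to get right: one valid redemption,
    a replay, an expired code, a guessed code and a rotation."""
    now = [1_000.0]
    svc = PairingService(ttl_seconds=60, clock=lambda: now[0])
    original_token = svc.token

    code = svc.issue_code()
    first = svc.redeem(code)                         # valid: returns the token
    replay = svc.redeem(code)                        # same code again: rejected

    stale = svc.issue_code()
    now[0] += 61                                     # past the TTL
    expired = svc.redeem(stale)                      # rejected

    svc.rotate_token()
    return {
        "first_ok": first == original_token,
        "replay_rejected": replay is None,
        "expired_rejected": expired is None,
        "guess_rejected": svc.redeem("not-a-real-code") is None,
        "rotated": svc.token != original_token,
    }
```

The point of the pop-on-redeem and the injected clock is that a screenshot of the hardened QR is worthless after one use or after the TTL, and `rotate_token` is what a user who already shared an old-style QR has to do, since the patch alone does not revoke tokens already in the wild.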
Plugin auto-load vulnerability
The second vulnerability was in workspace plugins: plugins shipped inside a repository were loaded and executed automatically when the repository was cloned, with no confirmation prompt and no check of whether the source was trusted. Cloning an untrusted repository was therefore enough to run attacker-supplied plugin code. This is also fixed in v2026.3.12.
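What a trust-gated loader looks like next to the auto-load behaviour, as an added example and not OpenClaw's implementation: plugins found inside a cloned repository run only after the user has approved that exact file, and the approval is stored outside the repository so the repository cannot grant itself trust. The `.openclaw/plugins` directory, the JSON trust-file format and the plugin shape are assumptions for the example.

```python
"""Illustrative workspace plugin loader (added example, not OpenClaw's code):
plugins found inside a cloned repository only run after the user has approved
that exact file, and the approval is recorded outside the repository so the
repository cannot grant itself trust. The .openclaw/plugins directory, the
trust-file format and the plugin shape are hypothetical."""
import hashlib
import importlib.util
import json
import tempfile
from pathlib import Path
from typing import Callable, Dict, List, Tuple

PLUGIN_DIR = Path(".openclaw") / "plugins"       # hypothetical location inside the repo


def _run_plugin(path: Path) -> None:
    """Execute a plugin module; this is the step that must be gated."""
    spec = importlib.util.spec_from_file_location(path.stem, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)


def vulnerable_load(workspace: Path) -> List[str]:
    """The pre-fix behaviour described above: every plugin the repository ships
    executes on clone, with no prompt and no trust check."""
    ran = []
    for plugin in sorted((workspace / PLUGIN_DIR).glob("*.py")):
        _run_plugin(plugin)                       # attacker-controlled code runs here
        ran.append(plugin.stem)
    return ran


def hardened_load(workspace: Path, trust_file: Path,
                  confirm: Callable[[Path, str], bool] = lambda p, d: False
                  ) -> Tuple[List[str], List[str]]:
    """Run only plugins whose SHA-256 is in a trust file that lives OUTSIDE the
    workspace. Unknown plugins are offered to `confirm`; the default answer is
    no. Because trust is pinned to content, a later commit that changes an
    approved plugin is treated as unknown again."""
    trusted = set(json.loads(trust_file.read_text())) if trust_file.exists() else set()
    ran, skipped = [], []
    for plugin in sorted((workspace / PLUGIN_DIR).glob("*.py")):
        digest = hashlib.sha256(plugin.read_bytes()).hexdigest()
        if digest not in trusted:
            if not confirm(plugin, digest):
                skipped.append(plugin.stem)
                continue
            trusted.add(digest)
            trust_file.write_text(json.dumps(sorted(trusted)))
        _run_plugin(plugin)
        ran.append(plugin.stem)
    return ran, skipped


def demo() -> Dict[str, object]:
    """Constructed workspace: one benign plugin and one a hostile repo might ship."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp) / "cloned-repo"
        plugins = workspace / PLUGIN_DIR
        plugins.mkdir(parents=True)
        (plugins / "formatter.py").write_text("NAME = 'formatter'\n")
        (plugins / "exfil.py").write_text("NAME = 'exfil'  # stand-in for hostile code\n")
        trust_file = Path(tmp) / "home" / "trusted-plugins.json"   # outside the repo
        trust_file.parent.mkdir()

        results: Dict[str, object] = {"vulnerable": vulnerable_load(workspace)}
        results["untrusted"] = hardened_load(workspace, trust_file)
        # The user reviews formatter.py and approves it; exfil.py is still refused.
        approve_formatter = lambda path, digest: path.name == "formatter.py"
        results["after_review"] = hardened_load(workspace, trust_file, approve_formatter)
        results["next_open"] = hardened_load(workspace, trust_file)   # approval persisted
        # A later commit changes the approved plugin: its hash changes, trust lapses.
        (plugins / "formatter.py").write_text("NAME = 'formatter'\nimport os\n")
        results["after_tamper"] = hardened_load(workspace, trust_file)
        return results
```

Two design choices carry the security argument: the trust record lives in the user's home rather than in the repository, so a malicious commit cannot mark itself trusted, and it is keyed by content hash rather than file name, so an approved plugin that is later modified upstream has to be reviewed again.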
Exposure statistics
According to SecurityScorecard data from last week, over 40,000 OpenClaw instances are exposed on the open internet, of which roughly 12,000 were exploitable through remote code execution (RCE) vulnerabilities. Those are point-in-time figures, and the real number is likely higher now.
If you're running OpenClaw, you should update to the latest version immediately to address these security issues.
📖 Read the full source: r/openclaw
👀 See Also

Windows Notepad App Remote Code Execution Vulnerability CVE-2026-20841
CVE-2026-20841 is a remote code execution vulnerability in the Windows Notepad app. Details and mitigation steps are available in the Microsoft Security Response Center update guide.

Smart Bash Permission Hook for Claude Code Prevents Compound Command Bypass
A Python PreToolUse hook addresses a security gap in Claude Code's permission system where compound bash commands could bypass allow/deny patterns. The script decomposes commands into sub-commands and checks each individually against existing permission rules.

Security vulnerabilities exposed in Lovable-showcased EdTech app
A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.

OpenClaw's External Content Wrapper for Prompt Injection Defense
OpenClaw uses an external content wrapper that automatically tags web search results, API responses, and similar content with warnings that it's untrusted, priming the LLM to be skeptical and more likely to refuse malicious instructions.