15,200 OpenClaw Control Panels Exposed Online with Full System Access

A massive security blunder has exposed over 15,200 OpenClaw AI control panels to the public internet, handing attackers full remote control over users’ systems.

OpenClaw, formerly known as Clawdbot and Moltbot, is an open-source framework for building "agentic" AI bots: autonomous agents that carry out real-world tasks such as sending messages or managing files on the user's behalf.

SecurityScorecard’s STRIKE Threat Intelligence Team uncovered the issue through internet-wide scans.

They used favicon fingerprinting, which hashes the icon a web application serves and searches scan data for that hash, to identify about 42,900 IP addresses running OpenClaw panels across 82 countries.

But the real danger? A default setting binds the control panel to 0.0.0.0, so it accepts connections on every network interface rather than only the loopback interface. On a host with a public address and no firewall in front of it, that means anyone on the internet.

This sloppy default means anyone can find these panels with basic scanning tools. If users skip setting a password or pick a weak one, attackers log in instantly.

Unlike hacking a regular website, which might just leak data, compromising an OpenClaw agent grants action. Attackers inherit the bot’s permissions and act with the victim’s power.

What can hackers steal or do? Plenty:

  • Credentials: API keys, OAuth tokens, and passwords in the ~/.openclaw/credentials/ folder.
  • System Files: Full access to the filesystem, including SSH keys in ~/.ssh/ and saved browser profiles.
  • Impersonation: Send messages as the victim on Telegram, Discord, or WhatsApp.
  • Financial Damage: Drain crypto wallets or hijack browser sessions for banking.

The problems pile up. Over 15,000 of the exposed panels are also affected by Remote Code Execution (RCE) flaws such as CVE-2026-25253 (CVSS 8.8), a "1-click" bug in which a malicious link steals the panel's authentication tokens with no further effort from the attacker.

Worse, "version fragmentation" keeps the risk alive. STRIKE found nearly 40% of instances still labeled "Clawdbot Control" and 38.5% "Moltbot Control", that is, builds predating the renames. Users rarely update and stick with outdated forks.

Many run on major clouds like AWS or Azure, where a single bad deployment template replicates the misconfiguration at scale.

STRIKE stresses that this is not about AI hype such as superintelligence; it is exposed infrastructure. Attackers could build botnets, steal identities, or launch ransomware from hijacked agents.

How to Fix It
Users must act fast:

  1. Bind OpenClaw to 127.0.0.1 (loopback only) in its config files, and put an authenticated reverse proxy or VPN in front of it if remote access is genuinely needed.
  2. Set strong, unique passwords, and never run the panel without one.
  3. Update to the latest version and apply the patch for CVE-2026-25253.
  4. Check whether your own instances are already visible from the internet, for example with Shodan or an external port scan.
  5. Use host or cloud firewalls to block public access to the panel's port.
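A quick way to verify steps 1 and 5 on a Linux host, as an added example rather than anything shipped with OpenClaw or given in the article: parse the output of `ss -lnt` and flag every listener bound to a wildcard address. The `ss` output below is constructed, and the ports in it (7777, 8080, 3000) are placeholders, not OpenClaw's actual port; the ufw rule it emits is one firewall option among several.

```python
from __future__ import annotations
import sys

# Constructed `ss -lnt` output standing in for a real host (ports are placeholders).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    127.0.0.1:7777       0.0.0.0:*
LISTEN  0       4096    0.0.0.0:8080         0.0.0.0:*
LISTEN  0       511     [::]:3000            [::]:*
LISTEN  0       128     [::1]:9229           [::]:*
"""

# What ss prints for "every interface": IPv4 any, IPv6 any, and the '*'
# that newer ss versions use for a dual-stack wildcard socket.
WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}

def split_local(local: str) -> tuple[str, int]:
    """Split ss's Local Address:Port column; IPv6 arrives as '[::1]:9229'."""
    addr, port = local.rsplit(":", 1)
    return addr.strip("[]"), int(port)

def listeners(ss_output: str) -> list[tuple[str, int]]:
    """Every (addr, port) in LISTEN state; the header row is skipped."""
    out = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            out.append(split_local(fields[3]))
    return out

def wildcard_listeners(ss_output: str, allowed_ports=()) -> list[tuple[str, int]]:
    """Listeners reachable on all interfaces, minus ports exposed on purpose."""
    return [(a, p) for a, p in listeners(ss_output)
            if a in WILDCARD_ADDRS and p not in allowed_ports]

def firewall_rules(hits) -> list[str]:
    """One ufw deny rule per exposed port, a stop-gap until the bind is fixed."""
    return [f"ufw deny {port}/tcp" for _, port in hits]

if __name__ == "__main__":
    # Pipe real data in with:  ss -lnt | python3 check_binds.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS_OUTPUT
    hits = wildcard_listeners(text, allowed_ports=(22,))
    for addr, port in hits:
        print(f"exposed on all interfaces: {addr}:{port}")
    print("\n".join(firewall_rules(hits)))
```

On the sample above the check reports 8080 and 3000 and leaves 22 (allow-listed) and the two loopback sockets alone. A loopback-only OpenClaw panel should appear as `127.0.0.1:<port>` or `[::1]:<port>` in this output; anything else on the panel's port means the bind fix did not take effect or a proxy in front of it is still listening publicly.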

Cloud providers should audit their deployment templates, and developers should drop risky defaults such as binding to 0.0.0.0. The exposure shows the double edge of agentic AI: powerful tools, but a wide attack surface when misconfigured.


The post 15,200 OpenClaw Control Panels Exposed Online with Full System Access appeared first on Cyber Security News.
