OpenClaw 2026.2.12 Released With Fix for 40+ Security Issues

OpenClaw 2026.2.12 delivers a significant security update, addressing over 40 vulnerabilities and enhancing protection across its AI agent platform. Improvements span hooks, browser control, scheduling, messaging channels, and gateway security.

The main goal of this release is defense-in-depth. It follows serious concerns about exposed OpenClaw agents, token-stealing remote code execution (RCE) chains, and unsafe default deployments.

Gateway and OpenResponses now enforce a strict SSRF deny policy for URL-based input_file and input_image requests.

This includes hostname allowlists, per-request URL limits, and audit logging for blocked fetch attempts. These controls make it much harder for attackers to use agents to scan or probe internal networks.

Outputs from browser and web tools are now treated as untrusted data. They are wrapped in structured metadata and cleaned before reaching the model, reducing the risk of prompt-injection attacks.

Hooks and webhooks also receive major hardening. Secret comparisons now use constant-time checks, and per-client rate limiting (HTTP 429 with Retry-After) slows brute-force attempts.

By default, POST /hooks/agent blocks payload sessionKey overrides. Operators must configure safe prefixes or manually re-enable legacy behavior.

The update also fixes unauthenticated tampering with remote Nostr profile configuration, removes a risky hook, restricts mirrored skill sync to a sandboxed directory, and tightens transcript path validation to block unsafe file access.

Loopback browser control, previously linked to one-click RCE and token leaks, now requires mandatory authentication.

If no credentials are set, OpenClaw automatically generates a secure gateway token. New audit checks also flag unauthenticated browser control routes.

These changes directly address cases where exposed OpenClaw instances allowed full RCE and credential theft.

Reliability improvements are another key part of 2026.2.12. The cron scheduler is heavily patched to prevent skipped jobs, duplicate triggers, and restart-related issues.

Timers now re-arm correctly, and one failing job no longer blocks others. Heartbeat logic is improved to reduce noise and prevent false reminder triggers. Gateway updates ensure active sessions drain safely before restart, preventing message loss.

WebSocket limits now support images up to 5 MB. Installations auto-generate authentication tokens and reject missing or undefined tokens. Logging improvements also enhance macOS deployments.

The broader ecosystem also receives updates:

In today’s environment of exposed AI agents and RCE risks, OpenClaw 2026.2.12 provides an important security baseline that operators should deploy as soon as possible.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.