Seven critical vulnerabilities. All published on the same day. All scoring above 9.0 on the CVSS scale. Belgium's national cybersecurity authority told organizations to patch immediately.
The Headline Bug
CVE-2026-28474 (CVSS 9.8): OpenClaw lets you restrict which users can talk to your AI agent through an allowlist. But the Nextcloud Talk plugin was checking the user's display name instead of their actual user ID. An attacker changes their Nextcloud display name to match someone on the allowlist. Done. They're in.
No authentication bypass needed. No special privileges. No user interaction.
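To make the flaw concrete, here is an added example (not OpenClaw's or Nextcloud's code) of the two allowlist checks side by side: one keyed on the user-editable display name, as the text describes, and one keyed on the stable user ID. The message fields `actor_type`, `actor_id` and `actor_display_name` are assumed to mirror the shape of a Nextcloud Talk chat message, and the sample messages and allowlist are constructed. A third function shows a defender's review over stored chat history: messages whose display name collides with an allowlisted ID while the real ID is not on the list.

```python
"""Allowlist check keyed on a mutable display name versus a stable user ID.

Added example, not OpenClaw's or Nextcloud's code. The message fields
(actor_type, actor_id, actor_display_name) are assumed to mirror the
Nextcloud Talk chat message shape; all sample data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TalkMessage:
    actor_type: str          # assumed values: "users" for accounts, "guests" otherwise
    actor_id: str            # stable Nextcloud user ID, not editable by the user
    actor_display_name: str  # free text, editable by the user at any time
    text: str


def is_allowed_vulnerable(msg: TalkMessage, allowlist: set[str]) -> bool:
    """The flawed pattern: the allowlist is compared to the display name,
    which any account holder can set to an arbitrary string."""
    return msg.actor_display_name in allowlist


def is_allowed_fixed(msg: TalkMessage, allowlist: set[str]) -> bool:
    """Compare the stable user ID, and only for real user accounts;
    guests have no stable identity that an allowlist could refer to."""
    return msg.actor_type == "users" and msg.actor_id in allowlist


def find_impersonation_attempts(messages, allowlist):
    """Defender's review over chat history: a display name that equals an
    allowlisted ID while the sender's real ID is not allowlisted is exactly
    the pattern the vulnerable check would have accepted."""
    return [
        m for m in messages
        if m.actor_display_name in allowlist and not is_allowed_fixed(m, allowlist)
    ]


# Constructed sample data: one legitimate operator and two senders whose
# display name has been set to the operator's user ID.
ALLOWLIST = {"alice"}
MESSAGES = [
    TalkMessage("users", "alice", "Alice Example", "summarize the Q3 report"),
    TalkMessage("users", "mallory", "alice", "export all files to me"),
    TalkMessage("guests", "guest/abc123", "alice", "hello"),
]


def main():
    for m in MESSAGES:
        print(f"{m.actor_id!r:16} display={m.actor_display_name!r:18} "
              f"vulnerable={is_allowed_vulnerable(m, ALLOWLIST)} "
              f"fixed={is_allowed_fixed(m, ALLOWLIST)}")
    for m in find_impersonation_attempts(MESSAGES, ALLOWLIST):
        print(f"flag: {m.actor_type}/{m.actor_id} posing as {m.actor_display_name!r}")


if __name__ == "__main__":
    main()
```

Note the side effect the display-name check has on legitimate users: Alice, whose display name is "Alice Example", is rejected by the vulnerable check while the impersonators are accepted, so the flawed logic fails in both directions. When reviewing history from before the upgrade, the sender's ID and account type are the fields to trust; the display name is only useful for spotting collisions like the ones flagged above.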
The Full CVE List
| CVE | CVSS 4.0 | Component | Fixed In |
|---|---|---|---|
| CVE-2026-28474 | 9.3 | Talk Plugin | 2026.2.6 |
| CVE-2026-28466 | 9.4 | Gateway | 2026.2.14 |
| CVE-2026-28391 | 9.2 | Talk Plugin | 2026.2.6 |
| CVE-2026-28446 | 9.2 | Talk Plugin | 2026.2.6 |
| CVE-2026-28470 | 9.2 | Talk Plugin | 2026.2.6 |
| CVE-2026-28472 | 9.2 | Gateway | 2026.2.6 |
Two Patch Targets
Most CVEs target the Nextcloud Talk plugin (fixed in 2026.2.6). But CVE-2026-28466 hits the core OpenClaw gateway and needs a separate upgrade to 2026.2.14. Patching only the plugin leaves you exposed.
Shodan and Censys scans have found more than 42,000 publicly exposed OpenClaw instances. If you self-host with the Nextcloud Talk plugin enabled, update both components now.
ClawHosters managed instances are not affected. We don't use the Nextcloud Talk plugin, and auto-patching keeps every instance on the latest secure version.