
The open-source AI agent tool OpenClaw was released on April 8, 2026, with version 2026.4.7 bringing major feature updates such as expanded reasoning capabilities, cross-provider media generation, and the restoration of a memory knowledge base. During the same period, however, the cybersecurity research firm Blink disclosed a critical vulnerability rated 9.8/10 in severity, and found that about 63% of internet-connected OpenClaw instances were running with no authentication at all.
This version update covers four major core modules: reasoning, media generation, memory, and automation.
OpenClaw reasoning functionality: As the hub for a unified reasoning workflow, it supports provider-driven reasoning capabilities across model, media, network, and embedding task providers.
Automatic media generation failover: By default, it supports automatic failover across authenticated providers for images, music, and video; when switching providers, it preserves the original generation intent, automatically maps size, aspect ratio, resolution, and duration to the nearest supported options, and adds mode-aware video-to-video support.
Memory/Wiki knowledge base restoration: Rebuilds the built-in memory knowledge base technology stack, covering plugins, command-line tools, synchronized query toolchains, structured claim and evidence fields, and compiled summary retrieval.
Webhook inbound plugin: Adds a built-in Webhook inbound plugin that lets external automation systems reach dedicated endpoints over separate routes and trigger the task workflows bound to them.
New model support: Arcee, Gemma 4, and Ollama vision models are officially included in the support list.
Blink's researchers revealed that the mechanism of CVE-2026-33579 is simple and the consequences severe: OpenClaw's device pairing system never verifies that the party approving a pairing request actually holds the authority to approve it. An attacker with nothing more than basic pairing permissions can therefore request administrator permissions and then approve that request themselves; as Blink put it, "the door is unlocked from the inside."
Blink's investigation data shows that about 63% of internet-connected OpenClaw instances are running without any authentication; in those deployments an attacker needs no account at all to start, and can escalate step by step to administrator level.
A patch was released on Sunday, April 5, but the CVE was not published until Tuesday. That two-day window gave attackers a head start before most users realized they needed to update.
A deeper issue is that this is the sixth pairing-related vulnerability disclosed in OpenClaw within six weeks, and all of them are variants of the same underlying flaw in the authorization design. Each patch fixes the specific vulnerability reported rather than redesigning the authorization architecture as a whole, a pattern that signals structural risk: similar vulnerabilities are likely to keep appearing.
Users still running OpenClaw should immediately update to version 2026.3.28 or later. If an older version was exposed within the past week, both Ars Technica and Blink recommend treating the instance as potentially compromised and conducting a full review of activity logs to identify suspicious device approval records. OpenClaw founder Peter Steinberger previously warned publicly on GitHub: "There is no setting that is 'completely secure.'" How to balance functional convenience against security risk is the core question every OpenClaw user now has to face.
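To make the flaw and the recommended log review concrete, here is an added example that is not OpenClaw's own code: a toy pairing service whose `approve` step, like the one Blink describes, only checks that the approver is a paired device, beside a hardened variant that also requires the approver to be an admin other than the requester, plus an audit pass that flags self-approvals and non-admin approvals in constructed approval records. The class names, the `strict` switch, the device identifiers and the `key=value` record format are all assumptions for illustration.

```python
"""Added example, not OpenClaw code: a toy device-pairing approval flow with a
self-approval flaw, a hardened variant, and an audit over constructed records.
All names and the record format are assumptions for illustration."""
from dataclasses import dataclass
from typing import Optional

ADMIN, BASIC = "admin", "basic"


@dataclass
class PairingRequest:
    request_id: str
    requester: str          # device asking for a role
    requested_role: str     # role it wants to be granted
    approved_by: Optional[str] = None


class PairingService:
    """Tracks paired devices (device_id -> role) and pending pairing requests."""

    def __init__(self, devices: dict[str, str], strict: bool):
        self.devices = dict(devices)
        self.requests: dict[str, PairingRequest] = {}
        self.strict = strict  # False reproduces the flaw, True is the hardened check

    def request(self, requester: str, requested_role: str) -> str:
        rid = f"req-{len(self.requests) + 1}"
        self.requests[rid] = PairingRequest(rid, requester, requested_role)
        return rid

    def approve(self, request_id: str, approver: str) -> str:
        req = self.requests[request_id]
        # Vulnerable check: any paired device counts as an approver, so a
        # basic device can approve its own request for the admin role.
        if approver not in self.devices:
            raise PermissionError("approver is not a paired device")
        if self.strict:
            # Hardened: the approver's own authority is checked, and the
            # requester can never be the one who approves.
            if approver == req.requester:
                raise PermissionError("self-approval is not allowed")
            if self.devices[approver] != ADMIN:
                raise PermissionError("only admins approve pairing requests")
        req.approved_by = approver
        self.devices[req.requester] = req.requested_role
        return self.devices[req.requester]


def self_escalation(strict: bool) -> str:
    """Attacker device 'dev-mallory' holds only basic pairing permission.

    Returns the role it ends up with after trying to approve its own request."""
    svc = PairingService({"dev-owner": ADMIN, "dev-mallory": BASIC}, strict=strict)
    rid = svc.request("dev-mallory", ADMIN)
    try:
        svc.approve(rid, "dev-mallory")   # approves its own request
    except PermissionError:
        pass                              # hardened service rejects it
    return svc.devices["dev-mallory"]


# Constructed approval records (not real OpenClaw logs) in an assumed format.
APPROVAL_LOG = """\
ts=2026-04-03T10:02:11Z event=pairing.approve request=req-1 requester=dev-laptop role=basic approver=dev-owner approver_role=admin
ts=2026-04-04T22:41:09Z event=pairing.approve request=req-2 requester=dev-mallory role=admin approver=dev-mallory approver_role=basic
ts=2026-04-05T08:15:30Z event=pairing.approve request=req-3 requester=dev-phone role=admin approver=dev-laptop approver_role=basic
ts=2026-04-06T09:00:00Z event=pairing.approve request=req-4 requester=dev-tablet role=basic approver=dev-owner approver_role=admin
"""


def parse_record(line: str) -> dict[str, str]:
    """Split one 'key=value key=value' record into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def suspicious_approvals(log_text: str) -> list[tuple[str, str]]:
    """Return (request, reason) for approvals that should not have been trusted."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("event") != "pairing.approve":
            continue
        if rec["approver"] == rec["requester"]:
            findings.append((rec["request"], "self-approval"))
        elif rec["approver_role"] != ADMIN:
            findings.append((rec["request"], "approved by non-admin"))
    return findings


if __name__ == "__main__":
    print("vulnerable:", self_escalation(strict=False))   # admin
    print("hardened:  ", self_escalation(strict=True))    # basic
    for request, reason in suspicious_approvals(APPROVAL_LOG):
        print(f"review {request}: {reason}")
```

The audit deliberately keys on two facts that any approval record should carry: who approved and what authority they held at that moment. On an instance exposed without authentication the first step (obtaining a basic paired identity) is free, so approvals granting the admin role to a device that approved itself, or that were signed off by a non-admin, are the records worth pulling first.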
This update adds expanded reasoning workflow functionality, supporting provider-driven reasoning across models and media; automatic failover for media generation (images, music, video); restoration of the built-in memory knowledge base technology stack; and a new Webhook inbound plugin. It also adds support for Arcee, Gemma 4, and Ollama vision models.
CVE-2026-33579 is rated 9.8/10 because it lets the lowest-privileged party approve its own request for administrator privileges and take over the system completely. About 63% of internet-connected OpenClaw instances have no authentication at all, so attackers can begin without any credentials. The two-day delay in publishing the CVE widened the attack window further.
According to Blink's analysis, CVE-2026-33579 is the sixth pairing-related vulnerability exposed in OpenClaw within six weeks, and all are variants of the same underlying flaw in the authorization design. Each patch has been a point fix rather than a fundamental redesign of the authorization system, which is what concerns security researchers.