Posted by kykeonaut 1 day ago

OpenClaw privilege-escalation bug (old.reddit.com)
211 points | 148 comments | page 3
gloosx 1 day ago|
erhm.... what the hell is openclaw?? what does it actually do? I tried searching and researching but I couldn't understand what it is. Autonomous AI agent framework?? what does this even mean? like a Claude wrapper?
gos9 1 day ago||
Really? Posting AI generated Reddit post with no sources or anything?
hmokiguess 1 day ago||
The link mentions the CVE, here's the link https://nvd.nist.gov/vuln/detail/CVE-2026-33579
dang 1 day ago|||
Thanks! We've changed the top URL to that from https://old.reddit.com/r/sysadmin/comments/1sbdw29/if_youre_..., but I'll put the latter in the toptext.
dijksterhuis 1 day ago|||
It would be good if we could have the submission including this link at the top.
tgv 1 day ago|||
The CVE seems to be real.
roangeller 1 day ago||
[flagged]
machinecontrol 1 day ago||
The root issue is that OpenClaw is 500K+ lines of vibe coded bloat that's impossible to reason about or understand.

Too much focus on shipping features, not enough attention to stability and security.

As the code base grows exponentially, so does the security vulnerability surface.

tomhow 1 day ago||
We detached this subthread from https://news.ycombinator.com/item?id=47629849 and marked it off-topic.
globular-toast 17 hours ago||
I can't really think of a more on topic comment. The thread is about a security issue and the comment is about the quality of the codebase.
tomhow 13 hours ago||
The comment is a generic vent about the project’s codebase and development approach, not an effort to engage in curious conversation about this vulnerability. Also, I consider it to be in breach of the guidelines about fulmination, swipes/sneers, and curmudgeonliness.
globular-toast 6 hours ago||
The comment doesn't even seem to contain opinion. It's simply objectively true. Let's be honest, you just didn't like the way it was directly calling out the author for writing shitty software. Responsibility is a thing and the author is displaying none of it.
tomhow 5 hours ago||
I don’t know or care whether it’s “objectively true”. That style of commenting, i.e., “calling out the author” is not what HN is for, regardless of the truthfulness of the comment. You’ve been around long enough to know that. HN is for curious conversation between hackers, i.e., people who like to build things. Attacking people for building things in some kind of “wrong” way is not cool here. “Responsibility” is not mentioned in the guidelines but kindness is.
williamstein 1 day ago|||
The current OpenClaw GitHub repo [1] contains 2.1 million lines of code, according to cloc, with 1.6M being TypeScript. It also has almost 26K commits.

[1] https://github.com/openclaw/openclaw

asddubs 1 day ago|||
wow, this repo seems to get something like 100 commits an hour based on just scrolling through the recent ones.
earnesti 1 day ago|||
There are like 10 openclaw clones out there. If you prefer security over features, just pick up another one.
yoyohello13 1 day ago|||
Or you can just make your own. The core pattern is not difficult to clone.
crustaceansoup 1 day ago|||
They exist; are any of them secure?
dyauspitr 1 day ago||
[flagged]
Retr0id 1 day ago|||
Aside from "exponentially" being hyperbolic, which part is unsubstantiated?
dyauspitr 15 hours ago||
That vibe coded automatically means it’s “bad”.
pezo1919 1 day ago|||
This is a vibe based comment. It’s a generic attack with no meat.
RodMiller 1 day ago||
[dead]
hyperlambda 1 day ago||
[flagged]
plestik 1 day ago|||
[flagged]
tomhow 1 day ago||
We detached this subthread from https://news.ycombinator.com/item?id=47629849 and marked it off-topic.
plestik 1 day ago||
Why?
tomhow 1 day ago||
It breaks several guidelines:

Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.

Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

Please don't fulminate. Please don't sneer.

Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.

The guidelines still apply, even if you feel negatively towards a project and its creator. Indeed it's even more important to make the effort to heed the guidelines for topics you feel negatively towards (after all, it's easy to be respectful about things we feel positively towards).

https://news.ycombinator.com/newsguidelines.html

plestik 1 day ago||
Thanks for explaining, is this mostly about replying directly to the person involved in the project? Compared to e.g. a comment in a thread about OpenClaw without replying directly to the creator? Just trying to figure out where the line is, I do think snark is a valid form of criticism sometimes but it's your house after all.
tomhow 11 hours ago||
That comment would be a guidelines breach on HN, whether or not it was in reply to the project creator. It gives off just the kind of negativity that HN has always aimed to avoid. Even if we don't always succeed in avoiding it, the guidelines represent an ideal that we work to uphold every day.

> Just trying to figure out where the line is

It's not really about a line, it's about the qualitative style of discussion we’re here for. HN is for people who like to build things and work on interesting new projects, and have curious conversations about what they're building. Projects that are new and built in different ways than what has come before will always be easy to criticise from a position of conformity to historical conventions, but if we all thought that way, nothing new would ever be built.

> I do think snark is a valid form of criticism sometimes

Not on HN. Thoughtful criticism is fine, and the very first two words of the “In Comments” section of the guidelines are “be kind”.

> but it's your house after all

That's not how we think about it. We’re custodians of this place and our role is to keep it a healthy place for discussion among intellectually curious hackers. It takes daily work and effort to uphold the guidelines and keep the standards up so that it doesn’t become the hellscape of negativity that it's often stereotyped as being.

inetknght 1 day ago|||
> There used to be a time where people who shipped CVEs took accountability.

I see you haven't heard of Microsoft...

orsorna 1 day ago|||
[flagged]
ua709 1 day ago|||
What time was that and who do we get to blame for Log4j?
lp0_on_fire 1 day ago||
Have you met these AI companies yet?
fraywing 1 day ago|||
[flagged]
jstanley 1 day ago|
But this is nothing to do with the agent being tricked. This is ordinary old-fashioned code being tricked!
paulhebert 1 day ago|||
But was the code written by an agent? It's agents all the way down
fraywing 1 day ago|||
[dead]
podgorniy 1 day ago|||
[flagged]
tgv 1 day ago|
Your comment is obviously against the rules, but I read it as: Why are people not more careful? This is some unknown app, with unknown, unvetted depths, and you only like it because other people say it's shiny and AI. It made you giddy, and you forgot that giving a tool permissions is an invitation to hackers. Well, you went ahead and ignored all common sense, and here we are.
deadbabe 1 day ago||
[flagged]
butlike 1 day ago||
Hanlon's Razor

https://en.wikipedia.org/wiki/Hanlon%27s_razor

deadbabe 1 day ago||
That razor is poorly understood. It’s not malice if it can be explained by stupidity. In this case it’s not explained by stupidity, as the guy who made OpenClaw is very smart. Therefore, it can only be malice.
EA-3167 1 day ago|||
In this case I'd say that it was made not to enable that, but in total disregard of its realistic uses and risks. In a sense this is less... deliberate poisoning, and more doing a bad job cutting heroin with fentanyl for distribution. Yeah the result is the same, but the cause is negligence to the point of parody rather than outright malice.
throwatdem12311 1 day ago||
Some people are so stupid it is indistinguishable from evil.
cactusplant7374 1 day ago||
What reason would Steinberger have for doing that? It was his hobby project.
crazy5sheep 1 day ago|||
[dead]
throwatdem12311 1 day ago||||
You can’t think of a single reason?

Intelligence asset.

Useful idiot.

Plenty of reasons.

asdff 1 day ago|||
He doesn't need a reason. He could have been captured by intelligence after the fact.