SecurityScorecard just published numbers that should make every OpenClaw user uncomfortable: 40,214 instances visible on the open internet. Of those, 12,812 are vulnerable to remote code execution. Right now. While you're reading this.
The problem isn't a zero-day. It's configuration.
How We Got Here
OpenClaw's default Gateway binding is 0.0.0.0, meaning every network interface. Because authentication is optional and many users never enable it, this turns a personal AI assistant into a publicly reachable terminal: anyone who can reach the port can send messages, execute tools, and run shell commands.
Three things make it worse:
78% are unpatched. Roughly 31,000 instances run versions older than 2026.2.6, missing the security vetting, code scanner, and credential redaction shipped in recent updates.
Authentication is opt-in. Fresh installs with --allow-unconfigured or without explicit gateway.auth configuration accept connections without any credentials.
Three CVE-class vulnerabilities enable privilege escalation, RCE via crafted messages, and credential exposure in logs. Because of request routing flaws they apply even to "localhost-only" setups, so binding to loopback without updating is not enough.
Bitsight independently confirmed these findings, noting that the exposed instances span 76 countries.
Fix It Now
Check if you're exposed:
ss -tlnp | grep ':18789'
# 0.0.0.0:18789 or [::]:18789 means every interface: you're open. 127.0.0.1:18789 means loopback only.
The fix takes thirty seconds. In ~/.openclaw/openclaw.json:
{
"gateway": {
"bind": "loopback",
"auth": {
"mode": "token",
"token": "YOUR_STRONG_TOKEN"
}
}
}
Then update: npm install -g openclaw@latest
If you suspect compromise: rotate all API keys and the gateway token, check crontab -l for malicious entries, and review installed skills with openclaw skills list.
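To make the three checks above (listening address, gateway auth configuration, version) repeatable, here is an added audit script. It is not OpenClaw's own tooling and not part of this report; it assumes the config keys shown in the fix above (gateway.bind, gateway.auth.mode, gateway.auth.token), treats only mode "token" as authenticated because that is the only mode the report documents, and the ss output and configs embedded in it are constructed samples.

```python
"""Audit an OpenClaw Gateway for the exposure pattern described above.

Added example, not OpenClaw's own tooling. It assumes the config keys the
report shows (gateway.bind, gateway.auth.mode, gateway.auth.token) and port
18789; the ss output and the two configs below are constructed samples.
"""
import ipaddress
import json
import os
import re
import secrets

GATEWAY_PORT = 18789
PATCHED_VERSION = (2026, 2, 6)  # first release with the fixes the report cites

# Constructed `ss -tlnp` output: the gateway on a wildcard bind next to two
# unrelated listeners, so the port and address filtering can be seen working.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:18789        0.0.0.0:*          users:(("node",pid=4242,fd=20))
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

# Constructed configs: a fresh install with no auth, and the fix from the report
# with a randomly generated token in place of the YOUR_STRONG_TOKEN placeholder.
VULNERABLE_CONFIG = {"gateway": {"bind": "0.0.0.0"}}
HARDENED_CONFIG = {
    "gateway": {
        "bind": "loopback",
        "auth": {"mode": "token", "token": secrets.token_hex(32)},
    }
}

_LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)(?=\s|$)", re.M)


def exposed_listeners(ss_output, port=GATEWAY_PORT):
    """Return local addresses on which `port` accepts non-loopback connections.

    Wildcards (0.0.0.0, ::, *) and any specific non-loopback address count as
    exposed; 127.0.0.0/8 and ::1 do not.
    """
    exposed = []
    for addr, p in _LISTEN_RE.findall(ss_output):
        if int(p) != port:
            continue
        addr = addr.strip("[]")
        if addr in ("*", "0.0.0.0", "::"):
            exposed.append(addr)
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                exposed.append(addr)
        except ValueError:
            exposed.append(addr)  # unparseable address: report it rather than assume safe
    return exposed


def config_findings(config):
    """Return findings for the gateway section of a parsed openclaw.json.

    Assumption: only mode "token" counts as authenticated, since that is the
    mode the report documents. The 32-character floor is a judgement call.
    """
    gw = config.get("gateway", {})
    findings = []
    bind = gw.get("bind", "0.0.0.0")  # report: the default is all interfaces
    if bind != "loopback":
        findings.append(f"gateway.bind is {bind!r}; set it to 'loopback'")
    auth = gw.get("auth") or {}
    token = auth.get("token", "")
    if auth.get("mode") != "token":
        findings.append("gateway.auth.mode is not 'token'; clients need no credentials")
    elif token == "YOUR_STRONG_TOKEN" or len(token) < 32:
        findings.append("gateway.auth.token is a placeholder or too short (< 32 chars)")
    return findings


def is_unpatched(version):
    """True when `version` (e.g. '2026.1.30') predates the 2026.2.6 release."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < PATCHED_VERSION


def load_config(path="~/.openclaw/openclaw.json"):
    """Parse openclaw.json from disk (the path the report gives is the default)."""
    with open(os.path.expanduser(path)) as fh:
        return json.load(fh)


def audit(ss_output, config, version):
    """Combine the three checks into one list of human-readable findings."""
    findings = [f"gateway listening on {a}:{GATEWAY_PORT}" for a in exposed_listeners(ss_output)]
    findings += config_findings(config)
    if is_unpatched(version):
        findings.append(f"version {version} predates 2026.2.6; run npm install -g openclaw@latest")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_SS_OUTPUT, VULNERABLE_CONFIG, "2026.1.30"):
        print("FINDING:", line)
    print("hardened config findings:", config_findings(HARDENED_CONFIG))
```

Run it against the real output of ss -tlnp, load_config() on your own openclaw.json, and whatever version string your install reports; an empty findings list means the three conditions called out above are met. Note that the script only reads the config and socket table; it does not change anything, so apply the fix shown above yourself.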
The Uncomfortable Truth
OpenClaw's promise is "your assistant, your machine, your rules." The 40,000 exposed instances suggest that many users heard "your machine" and stopped listening before "your rules."
The default should be secure. It isn't yet. Until it is, the gap between "easy to install" and "safe to run" will keep producing numbers like these.
Developing story. Sources: SecurityScorecard, Bitsight