Release of OpenClaw 2026.2.12

OpenClaw version 2026.2.12 is a significant security update that improves protection throughout the AI agent platform and addresses over 40 vulnerabilities. Hooks, scheduling, messaging channels, browser control, and gateway security are all enhanced by the update.

This release's primary objective is defense-in-depth. It follows serious concerns about unsafe default deployments, token-stealing remote code execution (RCE) chains, and exposed OpenClaw agents.

URL-based input_file and input_image requests are now subject to a strict SSRF deny policy enforced by Gateway and OpenResponses. This covers per-request URL limits, hostname allowlists, and audit logging for unsuccessful fetch attempts.

These controls make it much harder for attackers to use agents to scan or probe internal networks.
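The SSRF controls described above (hostname allowlist, per-request URL limit, audit logging of denied fetches), sketched as an added example that is not OpenClaw's own code. The allowlisted hostnames, the limit of 3 URLs and all function names are assumptions.

```javascript
// Added illustration, not OpenClaw source; every name and limit is an assumption.
const ALLOWED_HOSTS = new Set(["files.example.com", "cdn.example.com"]); // constructed
const MAX_URLS_PER_REQUEST = 3; // assumed per-request limit
const auditLog = []; // stand-in for a real audit sink

function deny(url, reason) {
  // Truncate so an oversized URL cannot flood the log.
  auditLog.push({ event: "url_fetch_denied", url: String(url).slice(0, 200), reason });
  return { ok: false, reason };
}

// Deny by default. Parsing with the WHATWG URL class (the parser fetch() uses)
// makes the policy judge the host the fetcher would really connect to.
function checkUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return deny(raw, "unparseable"); }
  if (u.protocol !== "https:") return deny(raw, "scheme");
  if (u.username || u.password) return deny(raw, "userinfo");
  const host = u.hostname.replace(/\.$/, ""); // drop trailing root dot
  if (!ALLOWED_HOSTS.has(host)) return deny(raw, "host_not_allowlisted");
  return { ok: true, url: u.href };
}

// Validate all input_file / input_image URLs of one request before any fetch.
// A real fetcher must also re-check every redirect target against the policy.
function checkRequestUrls(urls) {
  if (urls.length > MAX_URLS_PER_REQUEST) {
    return { allowed: false, results: [deny(`${urls.length} URLs`, "too_many_urls")] };
  }
  const results = urls.map(checkUrl);
  return { allowed: results.every((r) => r.ok), results };
}

// Constructed sample request: one legitimate URL and two internal-network probes.
const sample = checkRequestUrls([
  "https://cdn.example.com/logo.png",
  "https://files.example.com@169.254.169.254/latest/meta-data/", // userinfo trick
  "https://0x7f.1/admin", // hex/short form that normalizes to 127.0.0.1
]);
console.log(sample.allowed, auditLog.map((e) => e.reason));
```

A hostname check alone does not cover DNS answers that point an allowlisted name at an internal address, so a deployment would pair it with a check on the resolved IP at connect time.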

Web tool and browser outputs are now treated as untrusted data. To reduce the risk of prompt-injection attacks, they are sanitized and wrapped in structured metadata before entering the model. Major hardening is also applied to hooks and webhooks.

Secret comparisons now use constant-time checks, and per-client rate limiting (HTTP 429 with Retry-After) slows brute-force attempts. POST /hooks/agent rejects payload sessionKey overrides by default. Operators need to manually re-enable legacy behavior or set up safe prefixes.

Category | Component | Key feature
Core Platform | Security fixes | More than 40 vulnerabilities fixed
Gateway | SSRF Protection | Strict URL allowlists, request limits, audit logging
Model Pipeline | Prompt Injection Protection | Browser/tool outputs are sanitized prior to model processing
Hooks | Hooks and Webhooks Security | Rate limiting and constant-time secret checks
Browser Control | Authentication | Required auth
Scheduler (Cron) | Scheduler Fixes | Keeps jobs from being skipped or duplicated
Gateway | Gateway Updates | Safe handling of restarts and bigger WebSocket support
Messaging Channels | Channel Enhancements | Safer integrations for Signal, Slack, WhatsApp, Discord, and Telegram
Release Packages | Release Integrity | Signed Mac packages with SHA-256 verification

The update also fixes unauthenticated tampering with remote Nostr profile configuration, removes a risky hook, restricts mirrored skill sync to a sandboxed directory, and tightens transcript path validation to block unsafe file access.

Loopback browser control, previously associated with token leaks and one-click RCE, now requires authentication. OpenClaw generates a secure gateway token automatically if no credentials are provided.

New audit checks also flag unauthenticated browser control routes. These changes specifically address cases where exposed OpenClaw instances made full RCE and credential theft possible.

Reliability enhancements are another important aspect of 2026.2.12. The cron scheduler has been extensively patched to avoid skipped jobs, duplicate triggers, and restart-related problems. One failing job no longer prevents others from starting, and timers now re-arm correctly.

To cut down on noise and avoid false reminder triggers, heartbeat logic has been improved. By ensuring that active sessions safely drain before restarting, gateway updates help to avoid message loss.

WebSocket limits now allow images up to 5 MB. Installations reject tokens that are missing or undefined and automatically generate authentication tokens. Logging enhancements also improve macOS deployments.

Updates also reach the larger ecosystem:

Component | Update
Telegram | Better formatting and safer message handling
WhatsApp | Better handling of media and enhanced support for Markdown
Slack | Better handling of replies and detection of bot mentions
Signal | More robust validation and improved mention rendering
Discord | Better thread management and DM responses
Mac Releases | SHA-256 checksum verification for signed packages

OpenClaw 2026.2.12 offers a crucial security baseline that operators should implement right away in the current environment of exposed AI agents and RCE threats.