← Back to Daily Briefing

The ClawHavoc campaign targets the OpenClaw Marketplace by distributing poisoned AI agent "skills" designed to exploit CVE-2026-25253. This critical remote code execution (RCE) vulnerability allows attackers to escape the sandboxed execution context of an AI agent and gain access to the underlying host system. By integrating these malicious skills into enterprise workflows, threat actors weaponize the agent's inherent permissions to achieve full host compromise, facilitate lateral movement, and enable unauthorized data exfiltration. This represents a significant escalation in AI supply chain risks, where the trust-based model of agentic extensibility is used to bypass traditional security perimeters and compromise critical infrastructure.

  • Campaign Profile: ClawHavoc Supply Chain Poisoning

    • Targets the OpenClaw Marketplace to inject malicious "skills" into AI agent repositories.
    • Distributes high-utility, masqueraded tools designed to deceive enterprise automation workflows.
    • Leverages the rapid adoption of agentic AI to ensure widespread, automated distribution.
  • Vulnerability Analysis: CVE-2026-25253 (RCE)

    • Exploits a critical RCE vulnerability within the processing of poisoned agent skill files.
    • Enables attackers to bypass sandbox constraints and escape the agent's execution context.
    • Facilitates unauthorized system-level command execution on the underlying host system.
  • Technical Impact: Host and Network Compromise

    • Achieves full host-level compromise, granting attackers control over local developer workstations.
    • Enables unauthorized data exfiltration using the agent's existing, authorized permissions.
    • Facilitates rapid lateral movement from local environments to sensitive production cloud workloads.
  • Mitigation and Defensive Posture

    • Implement rigorous cryptographic integrity validation for all marketplace-sourced agent skills.
    • Enforce strict kernel-level or hardware-level isolation for AI agent execution environments.
    • Monitor for anomalous host-level activity or unauthorized environment variable access originating from agent processes.

Related posts

  1. vibegraveyard.ai — Blackbox AI processed a poisoned file and ran a reverse shell as root
  2. Expert In the Cloud — OpenClaw Marketplace Exposes a New AI Supply Chain Risk
  3. helpnetsecurity.com — OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad
  4. News4Hackers — OpenClaw Open-Source AI Agent for iOS: Available on iPhone iPad
  5. gbhackers.com — JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion
  6. feeds.feedburner.com — AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
  7. cybersecurity.pk — AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
  8. Security Affairs — JADEPUFFER: First End-to-End AI-Driven Ransomware Operation
  9. News4Hackers — Agentic AI Exploited in Ransomware Attack via Langflow
  10. News4Hackers — JadePuffer Ransomware Leverages AI-Powered Automation to Revolutionize Cyberattacks
  11. SOCFortress — JADEPUFFER: The Dawn of Agentic Ransomware Operations
  12. SecurityWeek — Agentic AI Used to Conduct Ransomware Attack via Langflow
  13. Labs
  14. Sonicwall
  15. Sentinelone
  16. Antiy
  17. Proarch
  18. Automation
  19. Marlabs
  20. Cybernews
  21. Blog
  22. Astralcodexten
  23. Reddit
  24. Slideshare
  25. Blogs11437
  26. Sysdig
  27. Letsdatascience
  28. Cyberpress
  29. Hackread
  30. Scworld
  31. It
  32. Youtube
  33. penligent.ai — CVE-2026-33017, Langflow Public Flow RCE and the AI Pipeline Blast Radius
  34. Reddit
  35. Reddit
  36. Mallory
  37. Orca

LINK COPIED TO CLIPBOARD