Researchers at Cyera have disclosed a chain of four vulnerabilities in OpenClaw, an open-source autonomous AI agent platform that Nvidia and Tencent have built enterprise products on top of. The chain - CVE-2026-44112 (CVSS 9.6), CVE-2026-44113, CVE-2026-44115, and CVE-2026-44118 - lets an attacker who can influence the agent's input (through a malicious plugin, prompt injection, or compromised tool output) break out of the OpenShell sandbox, read environment-stored API keys, elevate to owner-level privileges, and write persistent backdoors. Each step looks like normal agent behavior. Shodan and Zoomeye between them counted 65,000 to 180,000 public OpenClaw instances earlier in May. All flaws are fixed in OpenClaw 2026.4.22.