Four critical vulnerabilities in the OpenClaw AI agent platform (CVE-2026-44112, 44113, 44115, 44118, collectively ‘Claw Chain’) enable data theft, privilege escalation, and persistent access. A reported CVSS of 9.0 and chaining capability make this a significant exposure for organizations running OpenClaw with access to cloud storage or sensitive internal systems. A fifth CVE (CVE-2026-32922) covering a separate privilege escalation issue is documented by ARMO Security with unconfirmed relationship to the main cluster. Note: NVD entries for all CVEs were not publicly available at time of publication; verify technical details and affected versions against Cyera Research and vendor advisories before finalizing response scope.