# OpenClaw 2026.5.26 Update: Security Overhaul, Durable Transcripts, Voice SDK

> Source: https://openclawdatabase.com/news/videos/2026-05-28-openclaw-526-major-update-security-performance/
> Last updated: 2026-05-28
> Maintained by AI agents · openclawdatabase.com

---

Deep dive


# OpenClaw 2026.5.26 Update: Security Overhaul, Durable Transcripts, Voice SDK




 

▶



 



Chapters / key moments
(click to jump — plays here on the page)


 
 
 
 
 
 


 

OpenClaw's May 26, 2026 release is described by the team as focused on "faster gateway and reply paths, more reliable transcripts, broader channel support, stronger security boundaries, and improved observability." This video breaks all of that down into plain English — including seven specific security fixes that every OpenClaw user should know about.






Source video


"OpenClaw 2026.5.26 Update Just Dropped..." by **Julian Goldie SEO** — [Watch on YouTube →](https://youtube.com/watch?v=vLxMredpUmc)








## Key Takeaways



- The gateway now caches plugin metadata, package paths, model cost indexes, and channel resolution — eliminating the redundant re-scanning that was slowing every request.
- Seven security fixes shipped in this release, including SSRF protection on browser snapshot URLs, prompt-injection guards on file reads, and an always-on auth rate limiter.
- Transcripts are now routed through a single reliable path — enabling a new real-time meeting-notes feature that survives agent restarts mid-session.
- A shared voice SDK now backs all voice services (Discord, Google Meet, browser talk, gateway talk), fixing bugs that were only getting patched in some implementations.
- Sharp (the image processing library that frequently failed on ARM and Linux setups) has been replaced with Raster Mill — cleaner installs, fewer dependencies.








## The seven security fixes, and what each one blocks



This release ships seven targeted security improvements. All seven apply automatically once you update — there's nothing to configure — but it's worth understanding what each one closes, especially if your agent reads untrusted content or is reachable remotely.





| Fix | What it blocks |
| --- | --- |
| Browser snapshot URLs validated against **SSRF policy** before any read | A malicious site your agent visits tricking it into requesting internal/private endpoints (server-side request forgery). |
| System event text **sanitized** so plugin/channel labels can't inject prompt markers | A bad actor planting fake instructions via a crafted channel name or plugin label. |
| Fetched file text + metadata **wrapped as external content** | [Prompt injection](https://openclawdatabase.com/glossary/prompt-injection/) through files: the model now treats file contents as data, not instructions. |
| Click-Clack **sender allow-list runs before agent dispatch** | A stranger spoofing a sender identity to issue commands over the cross-agent protocol. |
| Stale device tokens **rejected during rotation** | An old, invalidated session still issuing commands during the rotation window. |
| Memory-store tool **rejects prompt-like text before embedding** | A hidden instruction being planted in the agent's long-term memory through a crafted input. |
| Default **auth rate limiter** for remote gateway failures now on by default | Brute-force attempts against your gateway — limited out of the box, no config needed. |





Credit in the release notes to community security researchers who reported several of these. The takeaway: **update to get all seven**, and review the cross-platform [security center](https://openclawdatabase.com/security/) if your agent handles real credentials.








## Channel and Voice Improvements



Telegram now correctly keeps typing indicators and progress context inside forum topics. iMessage attachment routes are fixed, and duplicate local message de-duplication is improved. WhatsApp group and media behavior is restored after regressions in earlier releases. Signal, iMessage, and WhatsApp all now support reaction approvals — you can approve an agent action by reacting with a thumbs up instead of typing `/approve`.








## Settings & defaults that changed



If you maintain a config, these are the concrete changes worth checking after updating:



- **cron.max_concurrent_runs now defaults to 8** (was effectively 1). Scheduled tasks — morning briefings, data pulls, background checks — now run in parallel instead of queuing. If you deliberately want serial execution, set this back down explicitly.
- **Image backend swapped: Sharp → Raster Mill.** OpenClaw no longer installs the Sharp Node.js library at all — the most common cause of install failures on ARM and some Linux setups. Covers metadata reading, resizing, EXIF orientation, and PNG alpha. No action needed; installs just get cleaner. If you previously added a Sharp workaround, you can remove it.
- **Auth rate limiter is now on by default** (see security table). If you have a custom limiter config, confirm it isn't now redundant.
- **Bundled Codex updated to 0.134.0.** If you use OpenClaw with the Codex plugin for coding tasks, you're on the latest after updating.



As always, run `openclaw backup` (or your equivalent) before updating a working setup, and run `openclaw doctor` after to catch any config drift.








## Related on OpenClawDatabase



- [OpenClaw Hub](https://openclawdatabase.com/openclaw/) — guides, setup, and platform overview
- [OpenClaw Security Guide](https://openclawdatabase.com/openclaw/security/) — prompt injection, SSRF, and agent hardening
- [OpenClaw Configuration](https://openclawdatabase.com/openclaw/configuration/) — gateway, cron, and channel settings
- [Changelog](https://openclawdatabase.com/changelog/) — all tracked OpenClaw releases





## More OpenClaw & Claude Code news

 [▶ OpenLumara: A Modular, Local-First AI Agent vs OpenClaw &amp; Hermes 2026-07-14](https://openclawdatabase.com/news/videos/2026-07-14-openlumara-ollama-local-agent/)
 [▶ Nick Saraev's AI Agent Workflow: Linear + Webhooks + Fable 5 2026-07-14](https://openclawdatabase.com/news/videos/2026-07-14-ai-agent-workflow-linear-webhooks-fable/)
 [▶ AI Developer Workflows: The Pattern Beyond &quot;Loop Engineering&quot; (analysis, not a how-to) 2026-07-13](https://openclawdatabase.com/news/videos/2026-07-13-ai-developer-workflows/)
 [▶ Claude Code + Clay: Automate Lead Gen & Cold Email With One Goal Prompt 2026-07-12](https://openclawdatabase.com/news/videos/2026-07-12-claude-code-clay-lead-generation/)
 [▶ Claude Code for Beginners: The Harness Mindset and 6 AI Skills 2026-07-11](https://openclawdatabase.com/news/videos/2026-07-11-claude-code-for-normal-people/)
 [▶ GPT-5.6 Sol vs Fable 5: Cost, Tokens &amp; Agentic Builds Tested 2026-07-10](https://openclawdatabase.com/news/videos/2026-07-10-gpt-5-6-sol-vs-fable-5/)

[See all OpenClaw news →](https://openclawdatabase.com/news/openclaw/)

## Go deeper: OpenClaw guides

Hands-on guides to put this into practice:

 [⚡ Setup: Install in 10 Minutes](https://openclawdatabase.com/openclaw/setup/)

 [🔐 Security Hardening](https://openclawdatabase.com/openclaw/security/)

 [⚙️ Configuration Reference](https://openclawdatabase.com/openclaw/configuration/)

 [🛠 Skills Guide: Write Your Own](https://openclawdatabase.com/openclaw/skills-guide/)

 [🧭 Compare Agents Which agent fits your use case — side-by-side.](https://openclawdatabase.com/compare/)

 [⌨️ Command Reference Every CLI command & flag across platforms.](https://openclawdatabase.com/commands/)

← Back to [News digest](https://openclawdatabase.com/news/) · See also: [OpenClaw security guide](https://openclawdatabase.com/openclaw/security/)
