OpenClaw releases 2026.4.21 fixing privilege escalation vulnerability, default integration with GPT-Image-2 for image generation

According to Beating Monitoring, the open-source AI Agent platform OpenClaw released version 2026.4.21 immediately afterward.
The update mainly integrates OpenAI's newly released next-generation image model and fixes a command permission vulnerability.

The built-in image generation channel and automated testing now default to gpt-image-2, and new 2K and 4K size prompts have been added to the documentation and metadata. If the preferred model fails during generation, the gateway now logs the error first and only then triggers the automatic fallback. Previously the switch happened silently, which made errors in the OpenAI interface difficult to identify.

In terms of security, a command privilege escalation vulnerability (#69774) has been patched. Previously, if owner-only command control (enforceOwnerForCommands) was enabled but the whitelist (ownerAllowFrom) was not configured, ordinary users could bypass restrictions using broad fallback policies; now, the system enforces verification of owner identity or operator.admin permissions.
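The flaw described above is a fail-open authorization check: an empty owner list widened access instead of denying it. The following simplified model is an added example, not OpenClaw's code. Only enforceOwnerForCommands, ownerAllowFrom and operator.admin come from the release notes; channelAllowFrom, the sender object shape and all function names are hypothetical.

```javascript
// Simplified model of the check before and after the fix (not OpenClaw's code).
// Hypothetical: channelAllowFrom (a broad policy where "*" admits any sender),
// sender.id and sender.scopes.
function matchesAllowList(list, senderId) {
  return Array.isArray(list) && (list.includes("*") || list.includes(senderId));
}

// "Before": with no ownerAllowFrom configured, the decision falls back to the
// broad policy, so an ordinary user passes the owner-only gate.
function canRunOwnerCommandFailOpen(cfg, sender) {
  if (!cfg.enforceOwnerForCommands) return matchesAllowList(cfg.channelAllowFrom, sender.id);
  const owners = cfg.ownerAllowFrom;
  if (!Array.isArray(owners) || owners.length === 0) {
    return matchesAllowList(cfg.channelAllowFrom, sender.id); // fail-open fallback
  }
  return owners.includes(sender.id);
}

// "After": an empty owner list never widens access; only a listed owner or a
// sender holding operator.admin may run the command.
function canRunOwnerCommandFailClosed(cfg, sender) {
  if (!cfg.enforceOwnerForCommands) return matchesAllowList(cfg.channelAllowFrom, sender.id);
  const owners = Array.isArray(cfg.ownerAllowFrom) ? cfg.ownerAllowFrom : [];
  const isAdmin = Array.isArray(sender.scopes) && sender.scopes.includes("operator.admin");
  return owners.includes(sender.id) || isAdmin;
}

// Deployment-side audit: flag the configuration combination the fix addresses.
function auditConfig(cfg) {
  const owners = cfg.ownerAllowFrom;
  const findings = [];
  if (cfg.enforceOwnerForCommands && (!Array.isArray(owners) || owners.length === 0)) {
    findings.push("enforceOwnerForCommands is enabled but ownerAllowFrom is empty");
  }
  return findings;
}

// Constructed sample data.
const riskyCfg = { enforceOwnerForCommands: true, channelAllowFrom: ["*"] };
const fixedCfg = { ...riskyCfg, ownerAllowFrom: ["owner-1"] };
const user = { id: "user-42", scopes: [] };
const admin = { id: "ops-1", scopes: ["operator.admin"] };

console.log("fail-open, ordinary user:", canRunOwnerCommandFailOpen(riskyCfg, user));
console.log("fail-closed, ordinary user:", canRunOwnerCommandFailClosed(riskyCfg, user));
console.log("fail-closed, operator.admin:", canRunOwnerCommandFailClosed(riskyCfg, admin));
console.log("audit findings:", auditConfig(riskyCfg));
```

Running the audit function over existing configuration shows whether a deployment was in the affected state before upgrading.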

Among the routine fixes, when the browser plugin cannot find an accessibility node, it no longer waits for a timeout but intercepts immediately. An issue where external Slack messages failed to stay within the original discussion thread has also been fixed.
