
9 April 2026

OpenClaw v2026.4.9

Release · OpenClaw · Dreaming · Security · Android

v2026.4.9 just shipped. Four focus areas this cycle: a major upgrade to the dreaming system, security hardening against SSRF and node exec injection, a new character-vibes QA evaluation framework, and a complete overhaul of Android device pairing. Here's what changed.

Dreaming: REM Backfill & Diary Timeline UI

The experimental dreaming system introduced in v2026.4.5 now supports REM backfill: agents can retroactively process and consolidate memories from past conversations during idle periods. Think of it as your agent "sleeping on it" and waking up with better recall.

  • REM backfill pipeline — scans recent conversation history during idle cycles, identifies unprocessed memories, and promotes them through the dream consolidation pipeline
  • Dream Diary timeline UI — new visual timeline in Control UI showing when your agent dreamed, what memories were consolidated, and the conceptual tags generated
  • Configurable dream depth — control how far back the backfill reaches (default: 48h) and how aggressively memories are promoted
  • Dream metrics — track consolidation counts, memory promotion rates, and dream cycle durations in the dashboard

The diary UI is accessible via /dreaming in the Control panel or the new "Dreams" tab in agent settings. Each dream entry shows the source conversations, the memories extracted, and how they connect to existing knowledge.

SSRF & Node Exec Injection Hardening

Critical security hardening in this release. Two vectors patched:

  • SSRF blocklist expansion — extended coverage for IPv4-mapped IPv6 addresses, DNS rebinding via dual-stack resolvers, and cloud metadata endpoints (169.254.169.254, fd00::/8). The blocklist now catches ~40 additional bypass patterns identified through fuzzing
  • Node exec injection guard — new sandbox layer around tool execution that prevents prompt-injected payloads from breaking out of the agent tool sandbox into host-level child_process calls. All tool exec paths now run through a validated allowlist
  • URL validation at parse time — URLs are now validated immediately on parse rather than at request time, closing a TOCTOU window where a valid URL could be swapped for a malicious one between validation and fetch

If you run self-hosted OpenClaw, update immediately. These are defence-in-depth fixes — no known exploits in the wild, but the attack surface is now significantly smaller.
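The two SSRF points above (IPv4-mapped IPv6 coverage and validation at parse time) can be illustrated with a small check. This is an added example, not OpenClaw's own code; the function names are hypothetical, and the blocked ranges beyond the two metadata ranges named in the list are assumptions.

```javascript
// Added example, not OpenClaw code. The two metadata ranges come from the release
// notes; the loopback, RFC 1918 and fe80::/10 entries are assumed additions.
const BLOCKED_V4 = [['169.254.0.0', 16], ['127.0.0.0', 8], ['10.0.0.0', 8],
                    ['172.16.0.0', 12], ['192.168.0.0', 16], ['0.0.0.0', 8]];

const v4ToInt = (s) => s.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);

function inBlockedV4(n) {
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Expand the compressed hex form the URL parser emits into eight 16-bit groups.
function v6Groups(text) {
  const [head, tail] = text.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const fill = tail === undefined ? [] : new Array(8 - h.length - t.length).fill('0');
  return [...h, ...fill, ...t].map((g) => parseInt(g, 16));
}

function isBlockedHost(hostname) {
  if (hostname.startsWith('[')) {
    const g = v6Groups(hostname.slice(1, -1));
    // ::ffff:0:0/96 is IPv4-mapped: judge the embedded IPv4 address, not the IPv6 text.
    if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
      return inBlockedV4(g[6] * 65536 + g[7]);
    }
    const loopbackOrUnspecified = g.slice(0, 7).every((x) => x === 0) && g[7] <= 1;
    return loopbackOrUnspecified || (g[0] >> 8) === 0xfd || (g[0] & 0xffc0) === 0xfe80;
  }
  if (/^\d+(\.\d+){3}$/.test(hostname)) return inBlockedV4(v4ToInt(hostname));
  return false; // DNS name: the addresses it resolves to must be checked separately
}

// Validate once, at parse time, and hand back an immutable value. The fetch layer
// uses only this object, so the string that was checked is the string that is fetched.
function parseOutboundUrl(raw) {
  const u = new URL(raw); // WHATWG parsing canonicalises the host before we inspect it
  if (u.protocol !== 'http:' && u.protocol !== 'https:') throw new Error('scheme not allowed');
  if (isBlockedHost(u.hostname)) throw new Error('blocked address: ' + u.hostname);
  return Object.freeze({ href: u.href, hostname: u.hostname });
}
```

A hostname that is a DNS name passes this literal check, so the rebinding case from the list still requires checking the resolved addresses at connect time.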

Character-Vibes QA Evals

New evaluation framework for testing whether your agent actually sounds like the character you configured. Character-vibes QA runs automated conversation probes against your agent's persona and scores responses on consistency, tone, vocabulary, and behavioral alignment.

  • Vibe scoring — 0-100 score across four dimensions: voice consistency, emotional range, knowledge boundaries, and refusal patterns
  • Drift detection — alerts when your agent's responses start diverging from the configured persona (common after long conversations or memory accumulation)
  • Probe library — built-in set of adversarial and edge-case prompts designed to test character boundaries (e.g., "break character" attempts, out-of-domain questions, emotional manipulation)
  • CI integration — run openclaw eval --character in your pipeline to gate deployments on persona quality

This is particularly useful for music industry agents on Agentbot where persona consistency matters — your DJ agent shouldn't suddenly start talking like a customer support bot.

Android Pairing Overhaul

Complete rewrite of the Android device pairing flow. The previous implementation had reliability issues with the WebSocket handshake on certain Android WebView versions and Samsung Internet.

  • QR-first pairing — scan a QR code from the Control UI to pair your Android device instantly. Falls back to manual token entry
  • Persistent connection — paired devices now maintain connection through app backgrounding and network switches via a lightweight heartbeat protocol
  • Push notification bridge — agent messages can now trigger Android push notifications even when the app is closed
  • Samsung Internet fix — resolved a WebSocket upgrade header issue specific to Samsung Internet 24+ that caused pairing to silently fail

Updating

All Agentbot managed containers auto-update on next deploy cycle. Self-hosted operators:

docker pull ghcr.io/openclaw/openclaw:latest
openclaw --version  # should show 2026.4.9

Run openclaw doctor --fix after updating to ensure all config paths are migrated. No breaking changes in this release.
