CVE-2026-24764
LOW EPSS 10.0%
Published Feb 19, 20264mo ago · Modified Jun 17, 20262w ago
3.7 CVSS 3.1
Published Feb 19, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago
Description
OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
10.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 2
CWE-74
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openclaw | openclaw | * | <2026.2.3 |
References 3
- github.com https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
- github.com https://github.com/openclaw/openclaw/releases/tag/v2026.2.3
- github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8
Remediation
- github.com https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
- github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8