CVE-2026-24764

LOW EPSS 10.0%
Published Feb 19, 20264mo ago · Modified Jun 17, 20262w ago
3.7 CVSS 3.1
Low
Find Similar
Published Feb 19, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.

CVSS Details

Base Score
3.7
Exploitability
1.2
Impact
2.5
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
10.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-74
CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
openclawopenclaw* <2026.2.3

References 3

  • github.com https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
    Patch
  • github.com https://github.com/openclaw/openclaw/releases/tag/v2026.2.3
    ProductRelease Notes
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8
    ExploitPatchVendor Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8
    ExploitPatchVendor Advisory