We use cookies to improve your experience on our site.
AVID-2026-R0215
Description
OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions (CVE-2026-24764)
Details
OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model’s system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
References
- NVD entry
- https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8
- https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.3
- OpenClawCVEs repository
Affected or Relevant Artifacts
- Developer: clawdbot
- Deployer: clawdbot
- Artifact Details:
| Type | Name |
|---|---|
| System | clawdbot |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |
| Base Score | 3.7 |
| Base Severity | 🟢 Low |
| Attack Vector | NETWORK |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🟢 Low |
| Availability Impact | NONE |
CWE
| ID | Description |
|---|---|
| CWE-74 | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
| CWE-94 | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2026-02-19
- Version: 0.3.2
- AVID Entry