Low severityNVD Advisory· Published Feb 19, 2026· Updated Feb 19, 2026
OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
CVE-2026-24764
Description
OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.3 | 2026.2.3 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-782p-5fr5-7fj8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24764ghsaADVISORY
- github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095eghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/releases/tag/v2026.2.3ghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.