OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Clawdbot |
|
No data.
No data.
References
History
Thu, 19 Feb 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Clawdbot
Clawdbot clawdbot |
|
| Vendors & Products |
Clawdbot
Clawdbot clawdbot |
Thu, 19 Feb 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3. | |
| Title | OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions | |
| Weaknesses | CWE-74 CWE-94 |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-02-19T01:10:17.540Z
Updated: 2026-02-19T01:10:17.540Z
Reserved: 2026-01-26T21:06:47.867Z
Link: CVE-2026-24764
Vulnrichment
No data.
NVD
No data.
Redhat
No data.