CVE-2026-24764
OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Description
OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
INFO
Published Date: Feb. 19, 2026, 1:10 a.m.
Last Modified: Feb. 19, 2026, 1:10 a.m.
Remotely Exploitable: Yes
Source: GitHub_M
Affected Products
The following products are affected by the CVE-2026-24764 vulnerability.
Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | LOW | | | | MITRE-CVE |
Solution
- Update OpenClaw to version 2026.2.3.
- Disable the Slack integration if updating is not possible.