OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-782p-5fr5-7fj8 | OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 19 Feb 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3. | |
| Title | OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions | |
| Weaknesses | CWE-74 CWE-94 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-19T01:10:17.540Z
Reserved: 2026-01-26T21:06:47.867Z
Link: CVE-2026-24764
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.