ByteOS Network

NVD Vulnerability Details :

CVE-2026-24764

Analyzed

Source-security-advisories@github.com

Published At-19 Feb, 2026 | 07:17

Updated At-19 Feb, 2026 | 18:30

OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata (topic/description) can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven systems. This issue increases the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input. This issue has been fixed in version 2026.2.3.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CPE Matches

openclaw>>openclaw>>Versions before 2026.2.3(exclusive)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*