OpenClaw command-injection, path-traversal, and link-following flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
OpenClaw now has three patched high-severity vulnerabilities that can lead to credential theft, privilege escalation, and arbitrary code execution on the host. The set includes two command-injection flaws and one path traversal/link-following bug, with fixes in version 2026.6.6. A researcher said the issues can be triggered from an external WhatsApp message when lower-trust input reaches the affected paths.
Related Happenings
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw ClawJacked localhost WebSocket brute-force security flaw
Vulnerability
H score37
First: 01.03.2026 23:44
Last: 01.03.2026 23:44
Sources 1
About this happening:
**OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...
OpenClaw ClawJacked localhost WebSocket brute-force security flaw
VulnerabilityAbout this happening: **OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...
OpenClaw Control UI crafted-link RCE (CVE-2026-25253)
Vulnerability
H score32
First: 02.02.2026 18:28
Last: 02.02.2026 18:28
Sources 1
About this happening:
**OpenClaw** **CVE-2026-25253** is a high-severity **1-click RCE** flaw that can expose **gateway tokens** and enable **full gateway compromise** on impacted instances. The weakne...
OpenClaw Control UI crafted-link RCE (CVE-2026-25253)
VulnerabilityAbout this happening: **OpenClaw** **CVE-2026-25253** is a high-severity **1-click RCE** flaw that can expose **gateway tokens** and enable **full gateway compromise** on impacted instances. The weakne...
N8n form-based workflow file-read flaw (CVE-2026-21858)
Vulnerability
H score68
First: 07.01.2026 15:48
Last: 07.01.2026 15:48
Sources 1
About this happening:
**n8n** disclosed **CVE-2026-21858** (**CVSS 10.0**), a **maximum-severity** **Content-Type confusion** flaw in **form-based workflows** that can let an **unauthenticated remote a...
N8n form-based workflow file-read flaw (CVE-2026-21858)
VulnerabilityAbout this happening: **n8n** disclosed **CVE-2026-21858** (**CVSS 10.0**), a **maximum-severity** **Content-Type confusion** flaw in **form-based workflows** that can let an **unauthenticated remote a...
Timeline
-
10.07.2026 17:19 2 articles · 1h ago
OpenClaw flaws enable host code execution and credential theft
Initial DisclosureOpenClaw maintainers said three now-patched flaws in OpenClaw version 2026.6.6 include GHSA-hjr6-g723-hmfm, GHSA-9969-8g9h-rxwm, and GHSA-575v-8hfq-m3mc, with two command-injection issues and one path-traversal/link-following bug that can enable credential theft, privilege escalation, arbitrary code execution, and host escape when lower-trust input reaches the affected paths. Chinmohan Nayak said the issues can be triggered from an external WhatsApp message.
Show sources
- Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws — thehackernews.com — 10.07.2026 17:19
- Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws — thehackernews.com — 10.07.2026 17:19