OpenClaw Stored Cross-Site Scripting Vulnerability in Control UI
Vulnerability
A stored cross-site scripting vulnerability has been identified in OpenClaw, a personal AI assistant, specifically in the Control UI component. This issue affects versions through 2026.2.14. The vulnerability arises from the improper rendering of assistant identity attributes (name and avatar) into an inline script tag without adequate escaping to prevent script injection. As a result, a maliciously crafted value could escape the script context and execute JavaScript controlled by an attacker within the Control UI's origin. The vulnerability could be exploited by an attacker who can set assistant identity values, leading to the execution of JavaScript in the Control UI and potentially allowing for token or session theft, as well as the execution of privileged actions within the UI.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the Control UI, potentially leading to session or token theft and the execution of privileged actions.
Reproduction
To reproduce this vulnerability, set the assistant identity name or avatar to a value that includes a script termination tag (</script>) followed by a JavaScript payload, such as an alert command. Once the value is saved, the Control UI will execute the injected script when it renders the assistant identity.
Remediation
Users can update to OpenClaw version 2026.2.15 or later, where this vulnerability has been fixed. Instructions for downloading the latest version are available on the OpenClaw GitHub releases page.
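The defect described above, rendering an identity value into an inline script body without escaping, and the hardened form that fixes it, as an added example. This is not OpenClaw's code or its actual fix; the identity shape (name, avatar), the global variable name and the template are assumptions made for illustration, and the sample identity is constructed.

```javascript
// Added example (not OpenClaw's code): contrast an unsafe inline-script
// render of assistant identity with a JSON-encoded, script-safe render.
// The {name, avatar} shape and window.__IDENTITY__ are assumed.

// Constructed sample value containing the script-termination pattern the
// advisory describes.
const CONSTRUCTED_IDENTITY = {
  name: 'Helper</script><script>alert(1)</script>',
  avatar: 'https://example.invalid/avatar.png',
};

// Vulnerable pattern: the raw value is interpolated into the script body.
// The HTML parser ends the script at the first "</script", so anything
// after it in the value is parsed as markup, not as a string literal.
// (A double quote in the value also breaks out of the JS string.)
function renderIdentityUnsafe(identity) {
  return `<script>window.__IDENTITY__ = {name: "${identity.name}", avatar: "${identity.avatar}"};</script>`;
}

// Hardened pattern: serialize with JSON.stringify, then escape the characters
// that matter inside a <script> body: "<" (defeats "</script" and "<!--"),
// ">" and "&" for symmetry with HTML contexts, and U+2028/U+2029, which are
// legal inside JSON strings but were JS line terminators before ES2019.
// JSON.parse still decodes the \uXXXX escapes to the original characters.
function escapeForInlineScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderIdentitySafe(identity) {
  const payload = escapeForInlineScript({ name: identity.name, avatar: identity.avatar });
  return `<script>window.__IDENTITY__ = ${payload};</script>`;
}

// Defensive check suitable for a unit test or template lint: the rendered
// fragment must contain exactly one "<script" and one "</script"; any extra
// occurrence means a value escaped the script context.
function scriptContextIntact(html) {
  const opens = html.match(/<script/gi) || [];
  const closes = html.match(/<\/script/gi) || [];
  return opens.length === 1 && closes.length === 1;
}

// Round-trip: pull the JSON literal back out of the safe render and parse it,
// confirming the escaping preserved the stored value byte for byte.
function recoverIdentity(html) {
  const m = html.match(/window\.__IDENTITY__ = (.*);<\/script>$/s);
  return m ? JSON.parse(m[1]) : null;
}

// Stand-alone demonstration.
console.log('unsafe intact:', scriptContextIntact(renderIdentityUnsafe(CONSTRUCTED_IDENTITY)));
console.log('safe intact:  ', scriptContextIntact(renderIdentitySafe(CONSTRUCTED_IDENTITY)));
console.log('round-trip:   ', recoverIdentity(renderIdentitySafe(CONSTRUCTED_IDENTITY)));
```

The key design point is that quoting for the JavaScript string context (what JSON.stringify gives you) is not enough on its own, because the HTML tokenizer runs before the JavaScript parser and ends the script element on `</script` regardless of quotes; escaping `<` as `\u003c` keeps the value a valid JS string while removing every byte the HTML tokenizer could act on. A stricter alternative is to drop the inline script entirely and ship the identity in a `data-` attribute or a separate JSON endpoint, which also lets a Content Security Policy without `'unsafe-inline'` be enforced.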
