Primary

Context

OpenClaw Agent Platform Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in OpenClaw Agent Platform version 2026.2.6 and earlier. This vulnerability arises from a request-side prompt injection attack, which allows attackers to execute arbitrary code by injecting malicious prompts that are not properly validated before being processed.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where OpenClaw is running.

Reproduction

The vulnerability can be reproduced by sending a request that includes a crafted prompt injection. This injected prompt can manipulate the application's behavior to execute unauthorized commands. The proof-of-concept demonstration available on Bilibili shows this exploitation in action.

Remediation

Users are advised to update to the latest version of OpenClaw Agent Platform.

Added: Mar 11, 2026, 4:20 PM

Updated: Mar 11, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenClaw Agent Platform Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating