Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.7
Slack Integration in OpenClaw Can Execute Unwanted Commands
CVE-2026-24764
GHSA-782p-5fr5-7fj8
Summary
If you use Slack with OpenClaw, an attacker could inject malicious code that could execute unintended commands or expose sensitive data. To fix this, upgrade to the latest version of OpenClaw (2026.2.3 or later). If you don't use Slack, no action is needed.
What to do
- Update steipete openclaw to version 2026.2.3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.3 | 2026.2.3 |
| openclaw | openclaw | <= 2026.2.3 | – |
Original title
OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Original description
## Summary
When the Slack integration is enabled, Slack channel metadata (topic/description) could be incorporated into the model's system prompt.
## Impact
Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input.
This is relevant only for deployments that enable Slack. In deployments where tool execution is enabled, a successful injection could lead to unintended tool invocations and/or unintended data exposure.
## Affected Packages / Versions
- npm: `openclaw` < 2026.2.3
## Patched Versions
- npm: `openclaw` >= 2026.2.3
## Mitigation
- If you do not use Slack: no action required.
- If you use Slack: upgrade to a patched version.
## Fix Commit(s)
- 35eb40a7000b59085e9c638a80fd03917c7a095e
Thanks @KonstantinMirin for reporting.
When the Slack integration is enabled, Slack channel metadata (topic/description) could be incorporated into the model's system prompt.
## Impact
Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadata to be treated as higher-trust system input.
This is relevant only for deployments that enable Slack. In deployments where tool execution is enabled, a successful injection could lead to unintended tool invocations and/or unintended data exposure.
## Affected Packages / Versions
- npm: `openclaw` < 2026.2.3
## Patched Versions
- npm: `openclaw` >= 2026.2.3
## Mitigation
- If you do not use Slack: no action required.
- If you use Slack: upgrade to a patched version.
## Fix Commit(s)
- 35eb40a7000b59085e9c638a80fd03917c7a095e
Thanks @KonstantinMirin for reporting.
nvd CVSS3.1
3.7
Vulnerability type
CWE-74
Injection
CWE-94
Code Injection
- https://github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a... Patch
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.3 Product Release Notes
- https://github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8 Exploit Patch Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-24764
- https://github.com/advisories/GHSA-782p-5fr5-7fj8
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026