OpenClaw Agent Platform: Malicious Code Execution via User Input

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

OpenClaw Agent Platform: Malicious Code Execution via User Input

CVE-2026-30741

Summary

A flaw in OpenClaw Agent Platform v2026.2.6 allows attackers to inject and execute malicious code on a system if a user enters specific input. This could lead to unauthorized access, data theft, or system compromise. Update to a patched version to prevent this risk.

Original title

A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.

Original description

A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.

Vulnerability type

CWE-94 Code Injection

https://github.com/Named1ess/CVE-2026-30741
https://github.com/OpenClaw/OpenClaw
https://www.bilibili.com/video/BV1LoFazeEBM

Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026