CVE-2026-24764: OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
(updated )
When the Slack integration is enabled, Slack channel metadata (topic/description) could be incorporated into the model’s system prompt.
References
- github.com/advisories/GHSA-782p-5fr5-7fj8
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/35eb40a7000b59085e9c638a80fd03917c7a095e
- github.com/openclaw/openclaw/releases/tag/v2026.2.3
- github.com/openclaw/openclaw/security/advisories/GHSA-782p-5fr5-7fj8
- nvd.nist.gov/vuln/detail/CVE-2026-24764
Code Behaviors & Features
Detect and mitigate CVE-2026-24764 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →