CVE-2026-26320: OpenClaw macOS deep link confirmation truncation can conceal executed agent message
(updated )
OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked “Run”.
At the time of writing, the OpenClaw macOS desktop client is still in beta.
An attacker could pad the message with whitespace to push a malicious payload outside the visible preview, increasing the chance a user approves a different message than the one that is actually executed.
References
- github.com/advisories/GHSA-7q2j-c4q5-rm27
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/28d9dd7a772501ccc3f71457b4adfee79084fe6f
- github.com/openclaw/openclaw/releases/tag/v2026.2.14
- github.com/openclaw/openclaw/security/advisories/GHSA-7q2j-c4q5-rm27
- nvd.nist.gov/vuln/detail/CVE-2026-26320
Code Behaviors & Features
Detect and mitigate CVE-2026-26320 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →