Platform
nodejs
Component
openclaw
Fixed in
2026.2.4
2026.2.3
CVE-2026-24764 describes a Remote Code Execution (RCE) vulnerability within the openclaw Node.js package. This vulnerability arises when the Slack integration is enabled, allowing Slack channel metadata (topic/description) to be incorporated into the model’s system prompt, creating a prompt injection risk. The vulnerability affects versions prior to 2026.2.3 and can lead to unintended tool invocations or data exposure. A fix has been released in version 2026.2.3.
The core of this vulnerability lies in prompt injection. When the Slack integration is active, the metadata associated with Slack channels (specifically the topic and description) can be inadvertently included within the system prompt used by the LLM. This effectively treats untrusted Slack data as higher-trust system input. If tool execution is also enabled within the openclaw deployment, a successful prompt injection attack could lead to the unintended invocation of tools, potentially granting an attacker unauthorized access or control. Furthermore, the injection could expose sensitive data that the LLM has access to, widening the scope of the potential damage. The impact is directly proportional to the sensitivity of the data processed by the LLM and the privileges granted to any tools it can invoke.
CVE-2026-24764 has a LOW CVSS score, indicating a relatively low probability of exploitation. As of the public disclosure date (2026-02-17), there are no publicly known proof-of-concept exploits. It is not currently listed on the CISA KEV catalog. The vulnerability's reliance on the Slack integration and the need for prompt injection knowledge may limit its widespread exploitation, but the potential for data exposure and tool invocation warrants attention.
Exploit Status
EPSS
0.03% (10% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-24764 is to upgrade to version 2026.2.3 or later of the openclaw package. This version contains the necessary fixes to prevent Slack channel metadata from being incorporated into the system prompt. If an immediate upgrade is not feasible due to compatibility issues or breaking changes, consider disabling the Slack integration entirely. As a temporary workaround, carefully sanitize any Slack channel metadata before it is used within the system prompt, though this is not a substitute for upgrading. Monitor LLM input and output for unexpected behavior that could indicate a successful prompt injection attack. After upgrading, confirm the fix by attempting to inject malicious prompts through Slack channel metadata and verifying that they are not incorporated into the system prompt.
Actualice OpenClaw a la versión 2026.2.3 o superior. Esta versión corrige la vulnerabilidad de inyección de prompt al evitar que metadatos no confiables del canal de Slack se incorporen al prompt del sistema.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-24764 is a Remote Code Execution vulnerability in the openclaw Node.js package. It allows Slack channel metadata to be injected into the LLM system prompt, potentially leading to unintended actions.
You are affected if you are using openclaw with the Slack integration enabled and are running a version prior to 2026.2.3.
Upgrade to version 2026.2.3 or later of the openclaw package. If upgrading is not immediately possible, disable the Slack integration or sanitize Slack metadata.
As of the public disclosure date, there are no publicly known active exploits for CVE-2026-24764.
Refer to the openclaw project's release notes and documentation for the official advisory regarding CVE-2026-24764.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.