{"data":{"id":"05582ea6-30c8-4988-9f39-7266f41b0280","title":"CVE-2026-26320: OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme.","summary":"OpenClaw is a personal AI assistant with a macOS desktop client that can be triggered through deep links (special URLs that open apps). In versions 2026.2.6 through 2026.2.13, attackers could hide malicious commands by padding messages with whitespace, so users would see only a harmless preview, but the full hidden command would execute when they clicked 'Run'. This works because the app displayed only the first 240 characters of the message in the confirmation dialog but executed the entire message.","solution":"The issue is fixed in version 2026.2.14. The source also mentions mitigations: do not approve unexpected 'Run OpenClaw agent?' prompts triggered while browsing untrusted websites, and use deep links only with a valid authentication key for trusted personal automations.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26320","publishedAt":"2026-02-19T23:16:25.017Z","cveId":"CVE-2026-26320","cweIds":["CWE-451"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00026,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}