{"data":{"id":"7cb6ec1c-5422-40c5-983a-1efaa54106b3","title":"GHSA-2qj5-gwg2-xwc4: OpenClaw: Unsanitized CWD path injection into LLM prompts","summary":"OpenClaw, an AI agent tool, had a vulnerability where the current working directory (the folder path where the software is running) was inserted into the AI's instructions without cleaning it first. An attacker could use special characters in folder names, like line breaks or hidden Unicode characters, to break the instruction structure and inject malicious commands, potentially causing the AI to misuse its tools or leak sensitive information.","solution":"Update to OpenClaw version 2026.2.15 or later. The fix sanitizes the workspace path by stripping Unicode control/format characters and explicit line/paragraph separators before embedding it into any LLM prompt output, and applies the same sanitization during workspace path resolution as an additional defensive measure.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-2qj5-gwg2-xwc4","publishedAt":"2026-02-18T22:42:29.000Z","cveId":"CVE-2026-27001","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["openclaw@< 2026.2.15 (fixed: 2026.2.15)"],"affectedVendors":[],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00021,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}