CVE-2026-26320: OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw
Summary
OpenClaw is a personal AI assistant with a macOS desktop client that can be triggered through deep links (special URLs that open apps). In versions 2026.2.6 through 2026.2.13, attackers could hide malicious commands by padding messages with whitespace, so users would see only a harmless preview but the full hidden command would execute when they clicked 'Run'. This works because the app only displayed the first 240 characters in the confirmation dialog before executing the entire message.
Solution / Mitigation
The issue is fixed in version 2026.2.14. The source also mentions mitigations: do not approve unexpected 'Run OpenClaw agent?' prompts triggered while browsing untrusted websites, and use deep links only with a valid authentication key for trusted personal automations.
Vulnerability Details
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-26320
First tracked: February 19, 2026 at 07:07 PM
Classified by LLM (prompt v3) · confidence: 92%