AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-782p-5fr5-7fj8: OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

lowvulnerabilityLLM-Specific

security

Source: GitHub Advisory DatabaseFebruary 17, 2026CVE-2026-24764

Summary

OpenClaw's Slack integration had a vulnerability where Slack channel descriptions could be injected into the AI model's system prompt (the instructions that tell the AI how to behave). This allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to potentially trigger unintended actions or expose data if tool execution was enabled.

Solution / Mitigation

Upgrade to openclaw version 2026.2.3 or later. If you do not use the Slack integration, no action is required.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Prompt Injection

Attack SophisticationTrivial

Impact (CIA+S)

integrityconfidentiality

Affected Vendors

Affected Packages

openclaw@< 2026.2.3 (fixed: 2026.2.3)

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 17, 2026 at 02:12 PM

Classified by LLM (prompt v3) · confidence: 92%