AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-30741: A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary c

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 11, 2026CVE-2026-30741

Summary

CVE-2026-30741 is a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in OpenClaw Agent Platform v2026.2.6 that can be triggered through a request-side prompt injection attack (tricking the AI by hiding malicious instructions in its input). The vulnerability allows attackers to execute arbitrary code, though a CVSS severity score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

March 11, 2026

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: March 11, 2026 at 04:07 PM

Classified by LLM (prompt v3) · confidence: 75%