AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-g27f-9qjv-22pm: OpenClaw log poisoning (indirect prompt injection) via WebSocket headers

lowvulnerabilityLLM-Specific

security

Source: GitHub Advisory DatabaseFebruary 17, 2026

Summary

OpenClaw versions before 2026.2.13 logged WebSocket request headers (like Origin and User-Agent) without cleaning them up, allowing attackers to inject malicious text into logs. If those logs are later read by an LLM (large language model, an AI system that processes text) for tasks like debugging, the attacker's injected text could trick the AI into doing something unintended (a technique called indirect prompt injection or log poisoning).

Solution / Mitigation

Upgrade to `openclaw@2026.2.13` or later. Alternatively, if you cannot upgrade immediately, the source mentions two workarounds: treat logs as untrusted input when using AI-assisted debugging by sanitizing and escaping them, and do not auto-execute instructions derived from logs; or restrict gateway network access and apply reverse-proxy limits on header size.

Classification

Attack Type

Prompt Injection

Attack SophisticationTrivial

Impact (CIA+S)

integrity

AI Component TargetedAPI

Affected Vendors

Affected Packages

openclaw@< 2026.2.13 (fixed: 2026.2.13)

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 17, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 92%