Three patched vulnerabilities in OpenClaw could enable attacks via WhatsApp, leading to credential theft and arbitrary code execution. Security researcher Chinmohan Nayak detailed these vulnerabilities, which don't require prior access for exploitation, raising concerns about configuration and security practices.
The vulnerabilities affecting OpenClaw are significant due to their ability to allow credential theft, privilege escalation, and arbitrary code execution.
The identified issues are GHSA-hjr6-g723-hmfm and GHSA-9969-8g9h-rxwm, both with a CVSS score of 8.8, and GHSA-575v-8hfq-m3mc with a CVSS score of 8.4.
The first two vulnerabilities involve operating system command injections that could impact the host execution environment, allowing unauthorized actions.
The third vulnerability allows path traversal, enabling sandbox bind mounts to bypass security mechanisms meant to protect sensitive directories.
Chinmohan Nayak, who discovered these issues, explained they enable host code execution triggered by an external message via WhatsApp.
These vulnerabilities do not require an attacker to gain initial access, making them particularly concerning.
OpenClaw maintainers indicated the practical impact of these vulnerabilities depends on the operator's configuration.
Security settings that allow lower-trust input to affect critical paths can increase the risk of exploitation.
OpenClaw has addressed these vulnerabilities in version 2026.6.6, highlighting the necessity for timely updates and patches in software security.
Organizations using OpenClaw should ensure they are on the latest version to mitigate these risks.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Three patched vulnerabilities in OpenClaw could enable attacks via WhatsApp, leading to credential theft and arbitrary code execution. Security researcher Chinmohan Nayak detailed these vulnerabilities, which don't require prior access for exploitation, raising concerns about configuration and security practices.