CVE-2026-27001
HIGH
GHSA-2qj5-gwg2-xwc4
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters (for example newlines or Unicode bidi/zero-width markers), those characters could break the prompt structure and inject attacker-controlled instructions. Starting in version 2026.2.15, the workspace path is sanitized before it is embedded into any LLM prompt output, stripping Unicode control/format characters and explicit line/paragraph separators. Workspace path resolution also applies the same sanitization as defense-in-depth.
Analysis
OpenClaw versions prior to 2026.2.15 fail to sanitize workspace directory paths before injecting them into LLM prompts, allowing local attackers with execution privileges to inject malicious instructions through control characters and Unicode markers in directory names. An attacker can exploit this prompt injection vulnerability to manipulate the AI assistant's behavior and execute unintended commands. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all OpenClaw installations and their versions across the organization. Within 7 days: Apply vendor patch to upgrade all instances to version 2026.2.15 or later; test in non-production environment first. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today