2 matches found
GHSA-3M3Q-X3GJ-F79X OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations
Affected Packages / Versions This issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled. - Package: @openclaw/voice-call - Vulnerable versions: = 2026.2.3 Legacy package name if you are still usi...
GHSA-782P-5FR5-7FJ8 OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...