CVE-2026-24764
OpenClaw (formerly Clawdbot) is affected by a prompt-injection vulnerability (CVE-2026-24764) when Slack integration is enabled. In versions 2026.2.2 and earlier, Slack channel metadata (topic/description) could be incorporated into the model’s system prompt, increasing the surface for injection....