LIVE FEED
OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Hacker News

Three high-severity vulnerabilities in OpenClaw, a personal AI assistant, have been chained to enable remote code execution on the host system via a WhatsApp message, requiring no prior foothold. The flaws—covering OS command injection, incomplete input filtering, and path traversal—allow sandbox escape, credential theft, and privilege escalation. All three have been patched in OpenClaw version 2026.6.6, but unpatched deployments remain at significant risk.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.