general · TheHackerNews
A researcher has disclosed three high-severity vulnerabilities in OpenClaw, a personal AI assistant, that could enable credential theft, privilege escalation, and arbitrary code execution on the host system. The flaws include two command injection vulnerabilities (GHSA-hjr6-g723-hmfm and GHSA-9969-8g9h-rxwm, each with CVSS 8.8) and one path traversal vulnerability (GHSA-575v-8hfq-m3mc, CVSS 8.4). According to researcher Chinmohan Nayak, the path traversal flaw allows sandbox bind mounts to bypass parent-directory denylist checks, enabling an attacker to mount restricted directories like /home or /var and access SSH keys, AWS credentials, GPG secrets, and the Docker socket. These issues have been patched in OpenClaw version 2026.6.6, and the researcher demonstrated that the flaws can be exploited via an external message sent through WhatsApp without requiring prior host access.
Organizations deploying AI assistants or containerized tools that process untrusted input—particularly SaaS platforms, defense contractors handling CUI, and regulated enterprises—should prioritize patching to OpenClaw 2026.6.6 and review sandbox configurations. The attack chain's reliance on message-based input and sandbox escape highlights the importance of defense-in-depth controls around container security, access controls to sensitive directories, and monitoring of external protocol helpers. Teams should assess whether their current tool allowlists, channel restrictions, and privilege separation meet NIST 800-171 and SOC2 control requirements for systems handling sensitive data; an Omniware engagement can scope this in detail.
Source: The Hacker News - https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html
Source: TheHackerNews
All briefings