BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Three OpenClaw AI flaws allow host takeover via WhatsApp

OpenClaw AI flaws patched after WhatsApp message enabled host takeover

  • Three high-severity flaws in the OpenClaw AI assistant (CVSS 8.8, 8.8, 8.4) could enable credential theft, privilege escalation, and arbitrary code execution.
  • Researcher Chinmohan Nayak demonstrated host code execution by sending a WhatsApp message to an OpenClaw agent, exploiting sandbox escape and command injection.
  • All vulnerabilities have been patched in version 2026.6.6; users should upgrade and restrict tool allowlists to mitigate risks.

Details have emerged about three now-patched security flaws in the OpenClaw personal AI assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. The high-severity vulnerabilities include two operating system command injection bugs (GHSA-hjr6-g723-hmfm and GHSA-9969-8g9h-rxwm) both rated CVSS 8.8, and a path traversal flaw (GHSA-575v-8hfq-m3mc) rated CVSS 8.4.

- Advertisement -

The path traversal issue allows sandbox bind mounts to bypass parent-directory denylist checks, according to an explanatory paper. Researcher Chinmohan Nayak, who discovered the flaws, demonstrated in a report that a WhatsApp message could trigger host code execution without requiring a prior foothold.

Unlike previous vulnerabilities in the Claw Chain disclosed in May, these bugs do not need an attacker to already be inside the system. Nayak explained that the denylist blocks directories like “~/.ssh” but fails to block the parent directory “/home,” effectively allowing credential theft.

Mounting “/home” into a container exposes SSH keys, AWS credentials, and GPG secrets, while mounting “/var” grants access to the Docker socket, enabling full host escape. OpenClaw maintainers advised that “practical impact depends on the operator’s configuration and whether lower-trust input can reach that path.”

All three shortcomings have been addressed in OpenClaw version 2026.6.6. Users should enable sandbox mode for non-main sessions, remove “exec” from tool allowlists, and monitor for git clone commands using the “ext::” protocol helper. OpenClaw stated: “Before upgrading, restrict the affected feature to trusted operators or disable it when it is not needed.”

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Robinhood Chain scams: users lose money on launch day

Robinhood’s new blockchain mainnet launched July 1 and is already flooded with scams, including...

New Hampshire council votes down $100M Bitcoin bond proposal

New Hampshire's executive council voted 3-2 against a $100 million BTC-backed bond proposalThe proposal...

Morgan Stanley Reiterates Nvidia Buy, Sets $288 Target

NVIDIA stock opened Friday at $202, trading within a $190–$210 range.Morgan Stanley analyst Joseph...

Trump rejects CBDC housing bill; becomes law automatically

President Trump announced he will not sign a bipartisan housing bill that includes a...

Robinhood Chain Ranks Top 5 in DEX Volume Days After Launch

Robinhood Chain entered the top five blockchains by 24-hour DEX trading volume less than...

Must Read

5 Best Crypto Jobs Sites To Land Your Next Six Figure Job

The cryptocurrency and blockchain job market has exploded. With new blockchain start-ups and projects being founded at a blistering pace, the demand for workers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading