< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-10T19:49:50+05:30

Researcher Unveils WhatsApp-to-Host Attack Chain Exploiting Three OpenClaw Vulnerabilities

#OpenClaw Vulnerabilities#WhatsApp Security#Sandbox Escape

A researcher uncovered a critical attack chain exploiting three patched vulnerabilities in the OpenClaw AI assistant, enabling host code execution via WhatsApp messages through sandbox escapes and command injection. The flaws allowed bypassing directory restrictions to access sensitive data and system resources, with mitigation recommendations including software updates and configuration hardening.

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host.

A brief description of the high-severity vulnerabilities is as follows -

GHSA-hjr6-g723-hmfm (CVSS score: 8.8) - An operating system

Read original article

*** END OF TRANSMISSION ***