DEV Community

Achin Bansal
Achin Bansal

Posted on • Originally published at gridthegrey.com

OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

Forensic Summary

Three high-severity vulnerabilities in OpenClaw, a personal AI assistant, have been chained to enable remote code execution on the host system via a WhatsApp message, requiring no prior foothold. The flaws—covering OS command injection, incomplete input filtering, and path traversal—allow sandbox escape, credential theft, and privilege escalation. All three have been patched in OpenClaw version 2026.6.6, but unpatched deployments remain at significant risk.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/openclaw-ai-assistant-flaws-enable-whatsapp-to-host-rce/

Top comments (0)