DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-41358: CVE-2026-41358: Origin Validation Error and Prompt Injection via OpenClaw Slack Integration

#security #cve #cybersecurity

CVE-2026-41358: Origin Validation Error and Prompt Injection via OpenClaw Slack Integration

Vulnerability ID: CVE-2026-41358
CVSS Score: 5.4
Published: 2026-05-04

An origin validation vulnerability (CWE-346) exists within the OpenClaw AI assistant's Slack integration prior to version 2026.4.2. The platform fails to independently verify the sender of historical thread messages against configured allowlists, enabling unauthorized users to inject malicious instructions into the LLM context when an authorized user triggers the agent. This flaw facilitates prompt injection and context poisoning attacks.

TL;DR

OpenClaw versions before 2026.4.2 fail to validate the senders of historical Slack thread messages, allowing unauthorized users to execute prompt injection attacks by participating in threads triggered by allowlisted users.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-346
  • Attack Vector: Network
  • CVSS v3.1: 5.4
  • EPSS Score: 0.00016
  • Exploit Status: PoC
  • Affected Component: prepare-thread-context.ts

Affected Systems

  • OpenClaw Node.js Agent
  • OpenClaw Slack Integration
  • OpenClaw: < 2026.4.2 (Fixed in: 2026.4.2)

Code Analysis

Commit: ac5bc4f

Fix origin validation in Slack thread context preparation to prevent prompt injection

Exploit Details

  • Vendor Advisory: Technical details and test-based reproduction steps for the prompt injection vulnerability.

Mitigation Strategies

  • Upgrade OpenClaw Node.js packages to version 2026.4.2 or later.
  • Enforce strict 'allowFrom' configurations in the Slack integration settings.
  • Disable the 'allowNameMatching' feature to prevent display-name spoofing bypasses.
  • Monitor application logs for omission events indicating blocked prompt injection attempts.

Remediation Steps:

  1. Identify all deployed instances of the OpenClaw Slack agent.
  2. Upgrade the software to version 2026.4.2.
  3. Restart the agent service to apply the updated origin validation logic.
  4. Review the Slack agent configuration file and confirm 'allowNameMatching' is set to false.

References

Read the full report for CVE-2026-41358 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)