PT-2026-20950 · Openclaw · Openclaw

Cillian-Collins · Published 2026-02-17 · Updated 2026-03-01

CVE-2026-26320
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.6 through 2026.2.13

Description: The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links lacking an unattended key, the application displays a confirmation dialog. Previously, this dialog showed only the first 240 characters of the message, but executed the complete message upon user confirmation. An attacker could exploit this by padding the message with whitespace to conceal a malicious payload beyond the visible preview, potentially leading a user to approve an unintended action. If a user executes the deep link, the agent may perform actions that could result in arbitrary command execution, dependent on the user's configured tool approvals and allowlists. This is a social-engineering mediated issue where the confirmation prompt may misrepresent the executed message. The vulnerable component is the confirmation prompt for openclaw://agent deep links.

Recommendations: Upgrade to OpenClaw version 2026.2.14 or later. Do not approve unexpected "Run OpenClaw agent?" prompts triggered while browsing untrusted sites. Use unattended deep links only with a valid key for trusted personal automations.
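The preview defect described above, modelled beside a hardened confirmation path, as an added illustration written for this entry and not OpenClaw's own code; the function names, the raw-slice preview and the whitespace-collapsing fix are assumptions drawn from the description, and the sample message is constructed.

```javascript
// Added illustration (not OpenClaw's code). Models the deep-link confirmation
// prompt: a dialog shows a preview of the message, and on approval the agent
// receives a message. The defect is that the two are derived differently.
const PREVIEW_LIMIT = 240; // limit named in the advisory; slicing logic is assumed

// Vulnerable shape: the dialog shows the first 240 characters but the agent
// runs the whole message, so whitespace padding pushes any later text past
// the visible preview.
function vulnerablePrompt(message) {
  return { shown: message.slice(0, PREVIEW_LIMIT), executed: message };
}

// Hardened shape: collapse whitespace runs so padding cannot hide text, then
// derive the displayed text and the executed text from the same normalized
// value. Long messages are flagged so the dialog renders a scrollable full
// view instead of silently truncating.
function hardenedPrompt(message) {
  const normalized = message.replace(/\s+/g, " ").trim();
  return {
    shown: normalized,
    executed: normalized,
    needsScroll: normalized.length > PREVIEW_LIMIT,
  };
}

// UI invariant worth asserting in tests: what the user approved must be
// exactly what the agent receives. False means the dialog misrepresents
// the executed message.
function promptIsHonest(prompt) {
  return prompt.shown === prompt.executed;
}

// Constructed sample: a benign-looking line, heavy whitespace padding, then
// text that only a full-message preview would reveal.
const TAIL = "[text the user never saw]";
const SAMPLE = "summarize my notes" + " ".repeat(300) + TAIL;

// Quick demonstration of both shapes on the constructed sample.
console.log("vulnerable honest?", promptIsHonest(vulnerablePrompt(SAMPLE))); // false
console.log("hardened honest?", promptIsHonest(hardenedPrompt(SAMPLE)));     // true
```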


Weakness Enumeration
UI Misrepresentation of Critical Information

Related Identifiers
CVE-2026-26320
GHSA-7Q2J-C4Q5-RM27

Affected Products
Openclaw