PT-2026-20963 · Openclaw · Openclaw
Aether-Ai-Agent · Published 2026-02-18 · Updated 2026-03-27 · CVE-2026-27001
CVSS v4.0: 8.6 (High) · AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15
Description: OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitizing it. An attacker could exploit this by creating a directory whose name contains control or format characters, such as newlines or Unicode bidi/zero-width markers. These characters can break the prompt structure and let the attacker inject instructions. The resulting prompt injection could alter the agent's behavior, potentially leading to unintended tool use or the disclosure of sensitive information. The vulnerable component is the code path that embeds the workspace path into the Large Language Model (LLM) prompt.
Recommendations: Update OpenClaw to version 2026.2.15 or later.
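The mitigation implied by the description is to treat the workspace path as untrusted data before it reaches the prompt. The following is an added illustration, not OpenClaw's code or its actual fix: it flags every control, format or line/paragraph-separator code point in a path, escapes them so the path stays on a single printable line, and embeds the result as a quoted field in a fixed template. The template text and the sample path are constructed for this example.

```python
import unicodedata

# Unicode general categories that can break prompt structure or hide text:
# Cc = control (newline, carriage return, ESC), Cf = format (bidi overrides,
# zero-width characters, BOM), Zl/Zp = line and paragraph separators.
UNSAFE_CATEGORIES = {"Cc", "Cf", "Zl", "Zp"}


def find_unsafe_chars(path: str) -> list[tuple[int, str, str]]:
    """Return (index, category, \\uXXXX escape) for every risky code point."""
    return [
        (i, unicodedata.category(ch), f"\\u{ord(ch):04x}")
        for i, ch in enumerate(path)
        if unicodedata.category(ch) in UNSAFE_CATEGORIES
    ]


def sanitize_workspace_path(path: str) -> str:
    """Escape risky code points as visible \\uXXXX sequences.

    Backslashes are doubled so a literal "\\u000a" in a real directory name
    cannot be confused with an escape produced here. Escaping instead of
    dropping keeps the path recognisable to a reviewer reading the prompt.
    """
    out = []
    for ch in path:
        if ch == "\\":
            out.append("\\\\")
        elif unicodedata.category(ch) in UNSAFE_CATEGORIES:
            out.append(f"\\u{ord(ch):04x}")
        else:
            out.append(ch)
    return "".join(out)


def build_system_prompt(workspace_path: str) -> str:
    """Embed the path as a quoted single-line field in a fixed template."""
    safe = sanitize_workspace_path(workspace_path)
    return (
        "You are a coding agent running in the user's workspace.\n"
        f'Workspace path: "{safe}"'
    )


if __name__ == "__main__":
    # Constructed sample: a directory name carrying a newline, a zero-width
    # space and a right-to-left override.
    sample = "/home/dev/proj\nsecond-line\u200b\u202e"
    print(find_unsafe_chars(sample))
    print(build_system_prompt(sample))
```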

Weakness Enumeration
Command Injection

Related Identifiers

CVE-2026-27001
GHSA-2QJ5-GWG2-XWC4

Affected Products

Openclaw