CVE-2026-30741
Prompt Injection Leading to Remote Code Execution
What this means in plain English
A specially crafted instruction hidden in web content or documents can hijack your AI agent and make it run arbitrary code on your machine. This is the 'indirect prompt injection' attack — the agent reads a malicious webpage, and that page secretly instructs the agent to do something dangerous.
Technical description
Insufficient validation of AI model responses allows crafted prompt injection payloads to escape the agent sandbox and execute arbitrary code on the host system.
Affected versions
< 0.14.0
Fixed in: 0.14.0
No patch available yet — see mitigations below
Details
Are you affected?
- Run `openclaw --version`
- All versions below 0.14.0 are affected
- This is unpatched — mitigation required
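The version check above can be scripted for use across several hosts. The following is an added example, not code from OpenClaw or from this advisory. It assumes that `openclaw --version` prints text containing a MAJOR.MINOR.PATCH number, and the function names are hypothetical. It compares fields numerically, so that 0.9.x is correctly treated as lower than 0.14.0.

```shell
#!/bin/sh
# Added example, not OpenClaw code. Assumes `openclaw --version` prints text
# containing a MAJOR.MINOR.PATCH number; the real banner format is not on the page.
# Pre-release suffixes (e.g. "-rc1") are ignored.

FIXED_VERSION="0.14.0"   # from the advisory

# Extract the first MAJOR.MINOR.PATCH triple from arbitrary text (empty if none).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 || true
}

# Return 0 if version $1 is lower than version $2, comparing fields numerically.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into $1..$3 and $4..$6
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print "affected", "not-affected" or "unknown" for a raw version banner.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo affected
    else
        echo not-affected
    fi
}

if command -v openclaw >/dev/null 2>&1; then
    # Classify the locally installed binary.
    classify "$(openclaw --version 2>&1)"
else
    # Constructed sample banners (not real openclaw output).
    for b in "openclaw 0.13.9" "openclaw v0.14.0" "0.9.12"; do
        printf '%s -> %s\n' "$b" "$(classify "$b")"
    done
fi
```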
How to fix
- Update when 0.14.0 is released
- Disable web browsing skills until patched
- Never run agents on untrusted content without isolation
- Use GitOpenClaw Watch to monitor for suspicious behavior
Scan your skills for this vulnerability
Use GitOpenClaw to scan any skill, repo, or install command for patterns associated with CVE-2026-30741 and other known vulnerabilities. Free, no account required.
References
- https://conscia.com/research/openclaw-prompt-injection-rce