What is CVE-2026-30741?

A critical remote code execution vulnerability in OpenClaw Agent Platform v2026.2.6 that allows attackers to execute arbitrary code through request-side prompt injection without user interaction.

How does CVE-2026-30741 work?

An attacker crafts a prompt injection payload that bypasses integrity validation for upstream API requests. This poisons the request stream and tricks high-performance models into generating unauthorized terminal commands that are executed via MCP tools without human confirmation.

Which OpenClaw versions are affected by CVE-2026-30741?

OpenClaw Agent Platform v2026.2.6 and earlier versions are affected. Users should update to the latest patched version immediately.

What is the CVSS score of CVE-2026-30741?

The vulnerability is classified as critical severity with CWE-94 (Improper Control of Generation of Code). It enables unauthenticated remote code execution with no user interaction required.

How do I fix CVE-2026-30741 in OpenClaw?

Update your OpenClaw installation to a version newer than v2026.2.6. The fix involves proper integrity validation for upstream API requests and input sanitization.

Is there a proof of concept for CVE-2026-30741?

Yes, a public proof of concept exists on GitHub at github.com/Named1ess/CVE-2026-30741 demonstrating the request-side prompt injection attack vector.

What is request-side prompt injection in OpenClaw?

Unlike standard prompt injection (embedded in documents the agent reads), request-side prompt injection targets the upstream API communication channel itself, poisoning the request stream before it reaches the model.

← Back to dashboard

clawsmith.com/signal/cve-2026-30741-rce-prompt-injection-openclaw

⚠ IssueWide OpenLive

CVE-2026-30741: OpenClaw RCE via Request-Side Prompt Injection in v2026.2.6

Critical remote code execution vulnerability in OpenClaw Agent Platform v2026.2.6. Attackers execute arbitrary code via request-side prompt injection that bypasses integrity validation, inducing models to generate unauthorized terminal commands executed via MCP tools without human confirmation. CWE-94. Disclosed March 11, 2026. Affects all OpenClaw instances running v2026.2.6 or earlier.