Main Vulnerability Database SB2026050464

SB2026050464 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in OpenClaw

Published: May 4, 2026

Security Bulletin ID SB2026050464

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2026-24764)

The vulnerability allows a remote user to influence system prompts and disclose sensitive information or modify model behavior.

The vulnerability exists due to improper neutralization of special elements in output used by a downstream component in the Slack integration when incorporating Slack channel metadata into the model's system prompt. A remote user can control a channel topic or description to influence system prompts and disclose sensitive information or modify model behavior.

User interaction is required, and the issue is present only when the Slack integration is enabled.

Remediation

Install update from vendor's website.

SB2026050464 - Improper Neutralization of Special Elements in Output Used by a Downstream Component in OpenClaw

Breakdown by Severity

Description

Remediation

References

Please verify you're human