OpenClaw versions prior to 2026 are susceptible to a high-severity flaw involving interactive callbacks, increasing the risk of unauthorized system manipulation.

The vulnerability resides in the way OpenClaw handles interactive callbacks. Improper validation within these functions could allow an attacker to influence application behavior in unintended ways.

With a CVSS score of 8.8, this is a High-severity issue. Exploitation could allow attackers to bypass security controls or perform unauthorized actions, potentially leading to data manipulation and loss of system integrity.

Immediate Action: Update all OpenClaw components to the most recent version available from the vendor.

Proactive Monitoring: Monitor system logs for unusual callback-related errors or unexpected application behavior that might indicate an exploitation attempt.

Compensating Controls: Restrict interactive access to the application to authorized users only and ensure that all input processed by the system is validated at the application layer.

Public Exploit Available: false

Given the potential for this vulnerability to be used for unauthorized system manipulation, immediate patching is essential. Security administrators should prioritize testing and deploying the update to all affected production systems to mitigate the high risk posed by this flaw.