cbcvebase.
CVE-2026-30741
published 2026-03-11


Priority P261, critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (52.1th percentile)

A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.

Affected

1 range

Vendor   | Product  | Version range | Fixed in
openclaw | openclaw | <= 2026.2.6   |

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via a Request-Side prompt injection attack against the OpenClaw Agent Platform; monitor for anomalous or injected prompt payloads in agent request pipelines.
  • Only OpenClaw Agent Platform v2026.2.6 (package name: openclaw, formerly Moltbot or Clawdbot) is confirmed affected; no fix was listed as of Mar 19, 2026 per Homebrew.
  • A public exploit exists for this CVE (CVSS 9.8 CRITICAL, EPSS 57.4th percentile), increasing urgency of patching or mitigating exposed OpenClaw instances.