CVE-2026-30741
Published: 11 March 2026
Summary
CVE-2026-30741 is a critical-severity Code Injection (CWE-94) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 36.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms; in the LLM/Generative AI Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the specific RCE flaw in OpenClaw Agent Platform v2026.2.6 to prevent exploitation.
Enforces validation and sanitization of request inputs to block request-side prompt injection attacks leading to RCE.
Monitors and controls communications at external boundaries to prevent and detect network-based exploitation of the unauthenticated RCE vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2026-30741 enables remote unauthenticated RCE via exploitation of a network-accessible OpenClaw Agent Platform, directly facilitating T1190: Exploit Public-Facing Application.
NVD Description
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
Deeper analysisAI
CVE-2026-30741 is a remote code execution (RCE) vulnerability in OpenClaw Agent Platform version 2026.2.6. Published on 2026-03-11, the flaw enables attackers to execute arbitrary code via a Request-Side prompt injection attack and is associated with CWE-94. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
Any remote, unauthenticated attacker can exploit this vulnerability over the network without user interaction. Successful exploitation allows arbitrary code execution on the affected OpenClaw Agent Platform instance, potentially leading to full system compromise.
Details on exploitation, including a proof-of-concept, are documented in the GitHub repository at https://github.com/Named1ess/CVE-2026-30741, the official OpenClaw repository at https://github.com/OpenClaw/OpenClaw, and a video at https://www.bilibili.com/video/BV1LoFazeEBM. Security practitioners should review these sources for any advisories, patches, or mitigation guidance.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: prompt injection