OpenClaw Library Flaw Affects Deep Links

- The vulnerability, identified as CVE-2026-26320, specifically affects the OpenClaw macOS desktop client, which is still in beta. It allows an attacker to craft a malicious payload that is hidden from the user in a confirmation dialog. - The exploit works by padding a message with whitespace, pushing the malicious part of the command beyond the 240-character limit of the preview dialog. A user would approve what appears to be a benign command, while the full, malicious command is executed. - OpenClaw is an open-source AI agent designed to automate tasks by connecting to and controlling applications and systems like calendars, emails, and the command-line terminal. This deep integration with the operating system is what makes the vulnerability a significant security concern. - For macOS developers, the issue is directly relevant as the OpenClaw macOS application registers a custom `openclaw://` URL scheme to handle deep links, a common integration point for inter-app communication on Apple platforms. - The library has built-in skills for interacting with the Apple ecosystem, including Notes and Reminders, and can be extended with custom skills, making it a powerful tool for developers and power users on macOS. - Given its capabilities to control smart home devices through natural language and APIs, a compromised OpenClaw agent could pose a risk to home automation setups. - The vulnerability is classified as a medium severity remote code execution flaw, and developers are advised to upgrade to version 2026.2.14 or later to apply the patch. - This is not the only recent security issue in the OpenClaw project; other recently patched vulnerabilities include a critical WebSocket authentication flaw (CVE-2026-25253) and several high-severity Server-Side Request Forgery (SSRF) bugs.