By Interestana AI Editorial — AI-drafted, human-overseen. How we report
WhatsApp-to-Host Attack Chain Exploits Three OpenClaw Flaws

A researcher has detailed a sophisticated attack chain that could leverage three previously undisclosed vulnerabilities in the OpenClaw personal AI assistant to compromise host systems. These flaws, now patched, could enable attackers to steal user credentials, escalate privileges, and execute arbitrary code. The attack chain begins with a WhatsApp message, exploiting a vulnerability (GHSA-hjr6-g723-hmfm) with a CVSS score of 8.8, which allows for the initial compromise.
Following the initial exploit, two further vulnerabilities within OpenClaw itself would be chained together. The first of these, GHSA-9v2w-7f7r-666f (CVSS score: 7.5), permits the attacker to gain elevated privileges on the compromised system. The second, GHSA-4q3f-3c3f-8r42 (CVSS score: 9.8), enables the execution of arbitrary code, effectively giving the attacker full control over the host machine. The researcher demonstrated that this chain could be initiated through a specially crafted message sent via WhatsApp, highlighting a significant risk to users of the AI assistant.
OpenClaw, a personal AI assistant, is designed to integrate with various applications and services, potentially increasing the attack surface for such vulnerabilities. The disclosure of these flaws and the detailed attack chain underscore the importance of timely patching and robust security practices for AI-powered software. The researcher's findings were shared following the successful remediation of the vulnerabilities by the OpenClaw development team, preventing widespread exploitation.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.