Security · 2h ago
WhatsApp-to-Host Attack Chain Exploits Three OpenClaw Flaws
Three high-severity vulnerabilities in the OpenClaw AI assistant could allow credential theft, privilege escalation, and code execution via WhatsApp. The flaws, tracked as GHSA-hjr6-g723-hmfm (CVSS 8.8) and others, have been patched. Attackers could chain them to compromise the host system from a WhatsApp message.
Meridian48 take
While patched, the attack chain highlights the growing risk of AI assistants as an attack surface, especially when integrated with messaging platforms.
Read the full reporting
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws →
The Hacker News
openclawwhatsapp-attack