CVE-2026-27009 MEDIUM

CVE-2026-27009: OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

Vendor Openclaw
Product openclaw
Weakness CWE-79 · XSS
Published February 19, 2026
Last update February 20, 2026

CVSS base score

5.8/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, the OpenClaw Control UI had a stored XSS issue when rendering the assistant identity (name/avatar) into an inline `<script>` tag without script-context-safe escaping. A crafted value containing `</script>` could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Version 2026.2.15 removed the inline script injection, serves the bootstrap config from a JSON endpoint instead, and added a restrictive Content Security Policy for the Control UI (`script-src 'self'`, no inline scripts).
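The following is an added illustration, not OpenClaw's own code, of the three pieces the description names: the unsafe interpolation of an identity value into an inline `<script>`, a script-context-safe serializer, and the post-fix shape (bootstrap config served as JSON, inline scripts forbidden by a `script-src 'self'` CSP). The `identity` object, its `</script>` sample value, and all function names are constructed for the example.

```javascript
// Added example (not OpenClaw's code). Contrasts the vulnerable inline-script
// pattern with script-context-safe escaping and with the JSON-endpoint + CSP
// approach the advisory says 2026.2.15 adopted.

// Constructed sample: an assistant name carrying a tag-closing sequence.
const identity = {
  name: 'Helper</script><script>alert(1)</script>',
  avatar: 'bot.png',
};

// Vulnerable pattern: JSON.stringify is JS-safe but not HTML-safe. The HTML
// tokenizer ends the script element at the first "</script" it sees, so the
// remainder of the value is parsed as markup and a second script runs.
function renderInlineBootstrapUnsafe(cfg) {
  return `<script>window.__BOOT__ = ${JSON.stringify(cfg)};</script>`;
}

// Script-context-safe serializer: escape the characters the HTML parser acts
// on inside a script element. JSON.parse still decodes \u003c back to "<",
// so the value round-trips unchanged.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderInlineBootstrapSafe(cfg) {
  return `<script>window.__BOOT__ = ${jsonForScript(cfg)};</script>`;
}

// Detection check for rendered output: does the script body contain a
// tag-closing sequence? (The tokenizer matches "</script" case-insensitively.)
function breaksOutOfScript(html) {
  const body = html.slice(html.indexOf('>') + 1, html.lastIndexOf('</script>'));
  return /<\/script/i.test(body);
}

// Post-fix shape: no inline script at all. The UI fetches its bootstrap
// config from a JSON endpoint, where a "</script>" in a value is just data.
function bootstrapJsonResponse(cfg) {
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: JSON.stringify(cfg),
  };
}

// Restrictive CSP for the Control UI document, matching the advisory's
// "script-src 'self', no inline scripts".
const CONTROL_UI_CSP =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";

// Policy check: would this CSP permit an inline script to execute?
// script-src governs scripts; absent that, default-src applies; absent both,
// inline scripts are not restricted.
function cspAllowsInlineScript(csp) {
  const directives = csp.split(';').map((d) => d.trim()).filter(Boolean);
  const pick = (name) => directives.find((d) => d.split(/\s+/)[0] === name);
  const governing = pick('script-src') || pick('default-src');
  if (!governing) return true;
  return /'unsafe-inline'/.test(governing);
}
```

`renderInlineBootstrapUnsafe` reproduces the defect class in the description: the serialized value is valid JavaScript, yet the HTML parser never gets that far because `</script>` closes the element first. `jsonForScript` is the escaping that was missing; `bootstrapJsonResponse` plus `CONTROL_UI_CSP` is the stronger fix, since with no inline scripts allowed there is nothing to break out of, and `cspAllowsInlineScript` is a quick sanity check a reviewer can run against a deployed policy.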

Key dates

02 Disclosure timeline

February 19, 2026 CVE published
February 20, 2026 Record updated

Related vulnerabilities

04 Related CVE