OpenClaw Patches Three RCE Vulnerabilities That Let Attackers Execute Code via WhatsApp Messages
OpenClaw patched three high-severity vulnerabilities in version 2026.6.6 that allowed attackers to achieve full remote code execution by sending a single WhatsApp message to an OpenClaw agent. The flaws bypassed environment variable sanitization, re-enabled a disabled git transport protocol, and circumvented Docker sandbox path restrictions.