Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57r2-h2wj-g887. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing...

EUVD-2026-29144

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

GHSA-M5J2-R859-R5CV Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57r2-h2wj-g887. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing...

CVE-2026-44999

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

CVE-2026-44999 OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

CVE-2026-44999

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

PT-2026-39688

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

CVE-2026-43534

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

CVE-2026-43534

OpenClaw has a vulnerability in input validation prior to version 2026.4.10, where external hook metadata can be enqueued as trusted system events. This allows attackers to supply malicious hook names to escalate untrusted input into higher-trust agent context. Affected software: OpenClaw (pre-20...

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 had a data falsification vulnerability. This vulnerability stemmed from insufficient input validation, allowing external hook metadata to be added as trusted system events...

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

OpenClaw: Isolated cron awareness events were recorded as trusted system events

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the cron process. An attacker can cause untrusted events to be labeled as trusted system events by triggering isolated cron agent runs...

OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input

Summary Agent hook events could enqueue trusted system events from unsanitized external input. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Agent hook dispatch could turn externally supplied hook metadata into trusted system events,...

GHSA-7G8C-CFR3-VQQR OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input

Summary Agent hook events could enqueue trusted system events from unsanitized external input. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Agent hook dispatch could turn externally supplied hook metadata into trusted system events,...

CVE-2026-35642

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...

Trust Boundary Violation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Trust Boundary Violation via the process handling background runtime output injection into trusted System: events. An attacker can escalate privileges or inject unauthorized commands by...

GHSA-GFMX-PPH7-G46X OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade

Impact Lower-trust background runtime output is injected into trusted System: events, and local async exec completion misses the intended exec-event downgrade. Lower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns...