
5 matches found

CVE
added 2026/05/06 7:49 p.m. | 13 views

CVE-2026-43584

OpenClaw prior to version 2026.4.10 is affected by an insufficient environment variable denylist in the exec policy. This vulnerability allows operator-supplied overrides of high-risk interpreter startup variables (VIMINIT, EXINIT, LUA_INIT, HOSTALIASES), enabling manipulation of downstream execu...

CVSS 8.8 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/06 7:49 p.m. | 13 views

CVE-2026-43580

OpenClaw contains an incomplete navigation guard vulnerability in versions prior to 2026.4.10. The issue allows triggering navigation without full SSRF policy enforcement via browser interactions (pressKey/type submit flows), bypassing post-action security checks to perform unauthorized navigatio...

CVSS 7.7 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/05/05 11:25 a.m. | 7 views

CVE-2026-43571 OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-tim...

CVSS 8.8 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 3
CVE
added 2026/05/05 11:24 a.m. | 15 views

CVE-2026-42437

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 8.2 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/05 11:24 a.m. | 3 views

CVE-2026-42433 OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools

OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...

CVSS 7.1 | AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 3