3 matches found
CVE-2026-43566
OpenClaw is affected in versions 2026.4.7 through 2026.4.13 by a privilege escalation vulnerability caused by heartbeat owner downgrade logic that skips webhook wake events carrying untrusted content. An attacker can exploit this by sending untrusted webhook wake events to preserve an owner‑like ...
CVE-2026-43566
OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when th...
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
Summary Heartbeat owner downgrade missed untrusted webhook wake events. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.14 Impact Heartbeat owner downgrade logic could skip webhook wake events carrying untrusted content, preserving...