4 matches found
CVE-2026-44997
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
CVE-2026-44997
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
CVE-2026-44997
OpenClaw before 2026.4.22 is affected by a security envelope constraint bypass in ACP child sessions. The vulnerability allows restricted subagents to spawn ACP child sessions that do not inherit depth, child-count limits, control scope, or target-agent restrictions, potentially enabling privileg...
PT-2026-39686
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...