CVE-2026-45002
OpenClaw prior to 2026.4.20 contains a hook session-key bypass vulnerability that lets an attacker bypass the hooks.allowRequestSessionKey opt-in restriction. By using templated hook mappings, externally influenced session keys can be rendered to bypass webhook routing isolation controls. The ava...