3 matches found
EUVD-2026-28168
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...
CVE-2026-43578
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...
CVE-2026-43578
OpenClaw 2026.3.31 before 2026.4.10 is affected by a privilege-escalation vulnerability in which heartbeat owner downgrade detection misses local background async exec completion events. Attackers can provide untrusted completion content to leave a run in a more privileged context than intended. ...