9 matches found
EUVD-2026-29144
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...
GHSA-M5J2-R859-R5CV Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57r2-h2wj-g887. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing...
Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57r2-h2wj-g887. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing...
CVE-2026-44999
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...
CVE-2026-44999
OpenClaw CVE-2026-44999 affects the OpenClaw component prior to version 2026.4.20. The issue is a trust-labeling flaw for isolated cron awareness events: untrusted labels can be preserved for webhook-triggered cron agent output, causing such output to be recorded as trusted System events. This ca...
CVE-2026-44999 OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...
PT-2026-39688
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...
GHSA-57R2-H2WJ-G887 OpenClaw: Isolated cron awareness events were recorded as trusted system events
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...
OpenClaw: Isolated cron awareness events were recorded as trusted system events
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...