CVE-2026-44999— OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44999
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.4.20之前版本存在数据伪造问题漏洞,该漏洞源于未能正确保留隔离cron感知事件的不可信标签,可能导致webhook触发的cron代理输出被记录为可信系统事件。攻击者可利用此信任标签问题将不可信事件呈现为可信系统事件,从而增强提示注入攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44999
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44999
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-05-11 · 18 CVEs total
| CVE-2026-45223 | 8.8 HIGH | Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection |
| CVE-2026-45006 | 8.8 HIGH | OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass |
| CVE-2026-45004 | 7.8 HIGH | OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Direct |
| CVE-2026-44995 | 7.3 HIGH | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables |
| CVE-2026-45001 | 7.1 HIGH | OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access |
| CVE-2026-45224 | 7.1 HIGH | Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution |
| CVE-2026-45005 | 6.0 MEDIUM | OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation |
| CVE-2026-44993 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions |
| CVE-2026-44998 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools |
| CVE-2026-45002 | 5.3 MEDIUM | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping |
| CVE-2026-44994 | 5.3 MEDIUM | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoi |
| CVE-2026-45000 | 5.0 MEDIUM | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation |
| CVE-2026-44992 | 5.0 MEDIUM | OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv |
| CVE-2026-45003 | 5.0 MEDIUM | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files |
| CVE-2026-44997 | 4.3 MEDIUM | OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions |
| CVE-2026-44991 | 4.2 MEDIUM | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channe |
| CVE-2026-44996 | 3.7 LOW | OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-45006
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway To - CVE-2026-45005
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invali - CVE-2026-45004
OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-ap - CVE-2026-45003
OpenClaw < 2026.4.22 - Connector Endpoint Host Override via - CVE-2026-45002
OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template
Same vendor: OpenClaw
- CVE-2026-8634
Crabbox < v0.12.0 Environment Variable Information Disclosur - CVE-2026-8629
Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endp - CVE-2026-8621
Crabbox < v0.12.0 Authentication Bypass via Header Spoofing - CVE-2026-45224
Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace R - CVE-2026-45223
Crabbox < 0.9.0 Authentication Bypass via Admin Claim Inject
Same weakness: CWE-345
- CVE-2026-44308
Spring Cloud AWS: Missing SNS message signature verification - CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-31835
Vaultwarden WebAuthn credential metadata tampered before sig
V. Comments for CVE-2026-44999
No comments yet