CVE-2026-44999

Summary

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.4.20affected
OpenClawOpenClaw2026.4.20unaffected

Weaknesses

  • CWE-345: Insufficient Verification of Data Authenticity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References