CVE-2026-43534: OpenClaw before 2026.4.10 lets attackers escalate input
CVE-2026-43534
Summary
OpenClaw, a system management tool, has an input validation flaw that lets external hook metadata be enqueued as trusted system events, so untrusted input can be escalated into a higher-trust agent context. This could lead to unauthorized actions on the system. To stay safe, update to OpenClaw 2026.4.10 or later as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| openclaw | openclaw | < 2026.4.10 (`cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*`) |
Original title
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalat...
Original description
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
nvd CVSS3.1
9.1
nvd CVSS4.0
9.3
Vulnerability type
CWE-345
Published: 5 May 2026 · Updated: 23 May 2026 · First seen: 5 May 2026