Improper Trust Labeling in OpenClaw Webhook-Triggered Events
CVE-2026-44999

6.3MEDIUM

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-44999?

A vulnerability in OpenClaw prior to version 2026.4.20 allows for improper preservation of untrusted labels in isolated cron awareness events. This failure can lead to the recording of webhook-triggered cron agent outputs as trusted system events, enabling attackers to amplify prompt-injection attacks by misrepresenting untrusted events as legitimate and trusted interactions within the system.

Affected Version(s)

OpenClaw 0 < 2026.4.20

OpenClaw 2026.4.20

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://github.com/openclaw/openclaw/commit/f61896b03cc70...

patch

https://www.vulncheck.com/advisories/openclaw-improper-tr...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
May 8, 2026

Credit

zsx (@zsxsoft)

KeenSecurityLab

qclawer

CVE-2026-44999 Data

JSON

Openclaw

What is CVE-2026-44999?

Affected Version(s)

References

CVSS V4

Timeline

Credit