CVE-2026-43534

CRITICAL

Details

CVSS v3: 9.1
CVSS v4: 9.3
NVD published: 2026-05-05 12:16:19
EPSS: <0.1% probability · 3.6th percentile — 2026-05-07
Affected versions: All OpenClaw versions before 2026.4.10
Summary: This vulnerability stems from insufficient input validation in OpenClaw. It allows untrusted external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate low-privilege untrusted input into a higher-trust agent execution context.
Remediation: Upgrade OpenClaw to version 2026.4.10 or newer. Implement strict input validation for all external hook metadata to block untrusted entries as a temporary workaround.
Exploit info: No public exploit found yet.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.