CVE-2026-44997
Received Received - Intake
OpenClaw Constraint Bypass via Subagent Session Spawning

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulnCheck

Description
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-44997
EUVD
EUVD-2026-29142
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OpenClaw before version 2026.4.22 allows restricted subagents to spawn ACP (Agent Communication Protocol) child sessions that do not properly inherit important security restrictions. These restrictions include limits on session depth, the number of active child sessions, control scope, and target-agent restrictions.

Because the child sessions bypass these constraints, attackers can exploit this flaw to create child sessions that escape subagent-only limitations, potentially escalating their privileges or gaining access to restricted resources.

Impact Analysis

The impact of this vulnerability is that an attacker controlling a restricted subagent could spawn child sessions that bypass security constraints intended to limit their capabilities.

  • Potential privilege escalation by bypassing subagent-only restrictions.
  • Unauthorized access to restricted resources that should be protected by session constraints.
  • Violation of session control policies such as depth limits and child session counts, which could lead to resource exhaustion or unexpected behavior.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenClaw to version 2026.4.22 or later, where the security envelope constraint bypass in ACP child sessions has been fixed.

The patch enforces subagent envelope inheritance on ACP child sessions, including checks for maximum spawn depth, active child session limits, and allowed agent IDs, preventing restricted subagents from spawning child sessions that bypass constraints.

Applying this update will prevent attackers from exploiting the vulnerability to escalate privileges or access restricted resources.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The provided resources do not include specific detection methods or commands to identify the presence of this vulnerability on a network or system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44997. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart