CVE-2026-44999
Received Received - Intake
OpenClaw Cron Agent Output Trust Label Bypass

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulnCheck

Description
OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-44999
EUVD
EUVD-2026-29144
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.20 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-44999 is a vulnerability in OpenClaw versions prior to 2026.4.20 where isolated cron awareness events triggered by webhooks are incorrectly recorded as trusted system events instead of untrusted events.

This improper trust labeling means that events which should be marked as untrusted are mistakenly treated as trusted, allowing attackers to strengthen prompt-injection attacks by making untrusted events appear as trusted system events.

Impact Analysis

This vulnerability can increase the impact of prompt-injection attacks by allowing attackers to have their untrusted events treated as trusted system events.

While it does not directly bypass authentication, tool policies, or sandboxing, it can make malicious inputs more effective by exploiting the trust-labeling flaw.

The severity is considered low to medium, but it can still pose a risk by weakening the integrity of event trust verification.

Detection Guidance

This vulnerability involves improper trust labeling of isolated cron awareness events, where webhook-triggered cron agent outputs are incorrectly recorded as trusted system events. Detection would involve monitoring cron agent event logs and verifying the trust labels associated with these events.

Specifically, you should check if events generated by webhook-triggered isolated cron agents are marked as trusted or untrusted in your system logs or session awareness streams.

Since the issue is related to the 'trusted' flag in event logs, commands or scripts that parse these logs to identify events with unexpected trust labels could help detect the vulnerability.

However, no specific detection commands or tools are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.20 or later, where the vulnerability has been fixed.

The fix ensures that untrusted labels are preserved for isolated cron awareness events and that the trust flag is correctly forwarded through cron delivery helpers, preventing untrusted events from being recorded as trusted system events.

Until the upgrade can be applied, consider monitoring cron event logs for suspicious trust labeling and restrict webhook-triggered cron agent usage if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44999. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart