CVE-2026-44999
OpenClaw Cron Agent Output Trust Label Bypass
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.4.20 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-44999 is a vulnerability in OpenClaw versions prior to 2026.4.20 where isolated cron awareness events triggered by webhooks are incorrectly recorded as trusted system events instead of untrusted events.
This improper trust labeling means that events which should be marked as untrusted are mistakenly treated as trusted, allowing attackers to strengthen prompt-injection attacks by making untrusted events appear as trusted system events.
How can this vulnerability impact me? :
This vulnerability can increase the impact of prompt-injection attacks by allowing attackers to have their untrusted events treated as trusted system events.
While it does not directly bypass authentication, tool policies, or sandboxing, it can make malicious inputs more effective by exploiting the trust-labeling flaw.
The severity is considered low to medium, but it can still pose a risk by weakening the integrity of event trust verification.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper trust labeling of isolated cron awareness events, where webhook-triggered cron agent outputs are incorrectly recorded as trusted system events. Detection would involve monitoring cron agent event logs and verifying the trust labels associated with these events.
Specifically, you should check if events generated by webhook-triggered isolated cron agents are marked as trusted or untrusted in your system logs or session awareness streams.
Since the issue is related to the 'trusted' flag in event logs, commands or scripts that parse these logs to identify events with unexpected trust labels could help detect the vulnerability.
However, no specific detection commands or tools are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.4.20 or later, where the vulnerability has been fixed.
The fix ensures that untrusted labels are preserved for isolated cron awareness events and that the trust flag is correctly forwarded through cron delivery helpers, preventing untrusted events from being recorded as trusted system events.
Until the upgrade can be applied, consider monitoring cron event logs for suspicious trust labeling and restrict webhook-triggered cron agent usage if possible.