Description
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Published: 2026-05-05
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.4.10 contain an input validation flaw in the agent hook event handling logic. External hook metadata supplied by attackers can be enqueued as trusted system events, giving the attacker the ability to elevate untrusted input into an internal agent context. The flaw, identified as CWE-345, enables injection of malicious data that can be executed with elevated privileges, potentially leading to remote code execution if the hook API is reachable from an attacker-controlled source.

Affected Systems

All deployments of OpenClaw running any release before 2026.4.10 are affected. The vulnerability exists in the core application built on a Node.js runtime and applies to every installation that employs the default hook handling mechanism. No specific hardware or firmware variants are mentioned, so the attack surface covers all general-purpose installations using the standard hook API.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3, designating it as critical. EPSS information is not available, so a quantitative likelihood of exploitation cannot be calculated, but the absence of mitigations implies that the flaw remains exploitable in environments where external hooks are enabled. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the hook registration endpoint, which, if exposed to an attacker, could allow the injection of malicious hook names and result in privilege escalation or remote code execution.

Generated by OpenCVE AI on May 5, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.10 or later, which removes the unsanitized input handling.
  • Disable or restrict access to the hook registration endpoint so that only trusted sources can submit hook metadata.
  • Enforce a whitelist of allowed hook names and perform strict validation before queuing events, following CWE-345 mitigation guidelines.

Advisories
Source: GitHub GHSA
ID: GHSA-7g8c-cfr3-vqqr
Title: OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
History

Tue, 05 May 2026 11:45:00 +0000

All values below were added in this change (no values removed):

Description: OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Title: OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events
First Time appeared: Openclaw (vendor), openclaw (product)
Weaknesses: CWE-345
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor), openclaw (product)
References: (none)
Metrics:
  cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T11:25:06.675Z

Reserved: 2026-05-01T16:56:19.948Z

Link: CVE-2026-43534

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-05-05T12:16:19.750

Modified: 2026-05-05T19:32:49.650

Link: CVE-2026-43534

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T13:30:25Z

Weaknesses