Description
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.
Published: 2026-05-11
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.4.22 contains a security envelope constraint bypass that allows a restricted subagent to spawn ACP child sessions without inheriting depth, child-count limits, control scope, or target-agent restrictions. Because the child sessions do not respect these constraints, an attacker who can control a subagent can use this flaw to bypass subagent-only limits, possibly escalating privileges or accessing resources that should be restricted. The likely attack vector is inferred from the description: an attacker with the ability to manipulate a restricted subagent may launch unauthorized child sessions, though the exact method is not explicitly detailed in the advisory.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw). All versions prior to 2026.4.22 are vulnerable; no specific patch version is listed beyond that cutoff. The impact may apply to deployments that rely on subagent restrictions to enforce access controls.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and the EPSS score is not provided. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires the ability to spawn ACP child sessions from a subagent with limited privileges; no remote code execution or high-impact attack path has been identified. The likely risk is limited to the scope of subagents that can be compromised.

Generated by OpenCVE AI on May 11, 2026 at 18:41 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.22 or later to eliminate the bypass.
  • Revoke or restrict the ability of restricted subagents to spawn ACP child sessions until the patch can be applied.
  • Enable comprehensive logging for ACP child session creation and review logs for anomalies to detect potential bypass attempts.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:30:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 17:30:00 +0000

Type: Description
Values removed: (none)
Values added: OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.

Type: Title
Values added: OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-266

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added: (none listed)

Type: Metrics
Values added: cvssV3_1
{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0
{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T17:25:42.338Z

Reserved: 2026-05-08T16:41:39.934Z

Link: CVE-2026-44997

Vulnrichment

Updated: 2026-05-11T17:25:38.232Z

NVD

Status: Awaiting Analysis

Published: 2026-05-11T18:16:39.670

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-44997

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T19:15:42Z

Weaknesses